Bringing WebContainers to all Browsers: a call to action for COEP Credentialless

StackBlitz's WebContainers, a proprietary Node.js runtime launched in 2021, necessitate cutting-edge browser functionalities like Shared Array Buffers (SABs) and Cross-Origin Embedder Policy (COEP) Credentialless to operate effectively across all browsers, including Safari and Firefox, as well as in on-prem enterprise environments. SABs are crucial for high-performance applications but faced security challenges, such as the Meltdown and Spectre vulnerabilities discovered in 2018, leading to browser vendors requiring cross-origin isolation. This requirement disrupted many applications, including StackBlitz WebContainers, prompting temporary workarounds like the Chrome origin trial. COEP Credentialless, as a long-term solution, allows secure loading of cross-origin resources by automatically removing embedded credentials and is expected to enable multi-browser support. StackBlitz plans to transition to this approach in Q2 2022, pending broader browser adoption, and aims to ensure stability and security before extending it to its Enterprise Edition.