Today, embedding Kandelo on a third-party page requires the embedder to opt into COOP/COEP, which is a major adoption blocker. The Document-Isolation-Policy (DIP) header lets an iframe declare its own isolation and obtain SharedArrayBuffer without parent COEP cooperation. It shipped stable in Chrome 137 in May 2025, so on Chrome desktop this is a real, working path today, not a future spec.
Why this matters
- Removes the single biggest reason a host site refuses to embed Kandelo.
- Aligns Kandelo's embed story with what WordPress Playground would need to adopt it.
- Falls back cleanly: DIP iframe → COEP-cooperative iframe → popup launcher.
Proposed validation
- Serve
/embed.html with Document-Isolation-Policy : isolate-and-credentialless, no parent COEP.
- Confirm crossOriginIsolated === true inside the iframe.
- Boot the kernel worker + a process worker and run hello.wasm.
- Verify behavior under Safari and Firefox. Fails.
Browser support reality
Suggested follow-up if validation passes
Design a <kandelo-embed> web component with an auto-degrade ladder [ DIP → COEP cooperative → popup ], so embedders get the best lane their browser supports without per-site config.
Today, embedding Kandelo on a third-party page requires the embedder to opt into COOP/COEP, which is a major adoption blocker. The
Document-Isolation-Policy(DIP) header lets an iframe declare its own isolation and obtainSharedArrayBufferwithout parent COEP cooperation. It shipped stable in Chrome 137 in May 2025, so on Chrome desktop this is a real, working path today, not a future spec.Why this matters
Proposed validation
/embed.htmlwithDocument-Isolation-Policy : isolate-and-credentialless, no parent COEP.Browser support reality
Suggested follow-up if validation passes
Design a
<kandelo-embed>web component with an auto-degrade ladder [ DIP → COEP cooperative → popup ], so embedders get the best lane their browser supports without per-site config.