Some of the runtime's new/proposed functionality - native crypto, and multithreading - rely on SharedArrayBuffer. However, as per https://developer.chrome.com/blog/enabling-shared-array-buffer/, Chromium is soon going to start limiting this feature to be available only for cross-origin isolated sites. This will take effect as of Chromium v106.

That is, the site would need to be served with these headers:

Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin

We can't do anything to enable this by default for standalone Blazor WebAssembly, as that's just a set of static files, and the HTTP headers are controlled by whatever is serving those files. This might lead to some functional problems for people hosting on GitHub pages or other places where the headers can't be controlled.

For hosted-on-ASP.NET Core sites, is there a way we could enable these headers by default? And would it be safe and reasonable to do so?