updating the readme

Author: shubhammalhotra28

examples/web/RunAnywhereAI/vite.config.ts

@@ -60,9 +60,11 @@ export default defineConfig({
   },
   server: {
     headers: {
-      // Required for SharedArrayBuffer (pthreads) and WASM threads
+      // Cross-Origin Isolation — required for SharedArrayBuffer / multi-threaded WASM.
+      // Without these headers the SDK falls back to single-threaded mode.
+      // Safari doesn't support 'credentialless'; see public/coi-serviceworker.js
+      // and the ensureCrossOriginIsolation() call in src/main.ts for the fallback.
       'Cross-Origin-Opener-Policy': 'same-origin',
-      // 'credentialless' allows cross-origin resource loading
       'Cross-Origin-Embedder-Policy': 'credentialless',
     },
     fs: {

sdk/runanywhere-web/README.md

@@ -116,10 +116,12 @@ The pre-built WASM includes llama.cpp (LLM/VLM), whisper.cpp (STT), and sherpa-o
 npm install @runanywhere/web
 ```
 
-### Serve WASM Files
+### Serve WASM Files + Cross-Origin Isolation
 
 The package includes pre-built WASM files in `node_modules/@runanywhere/web/wasm/`. Configure your bundler to serve these as static assets.
 
+> **Important:** Your server **must** set Cross-Origin Isolation headers for `SharedArrayBuffer` and multi-threaded WASM to work. Without these headers the SDK falls back to single-threaded mode, which is significantly slower. See [Cross-Origin Isolation Headers](#cross-origin-isolation-headers) for all platforms (Nginx, Vercel, Netlify, Cloudflare, AWS, Apache).
+
 **Vite:**
 
 ```typescript
@@ -128,6 +130,7 @@ export default defineConfig({
   assetsInclude: ['**/*.wasm'],
   server: {
     headers: {
+      // Required for SharedArrayBuffer / multi-threaded WASM
       'Cross-Origin-Opener-Policy': 'same-origin',
       'Cross-Origin-Embedder-Policy': 'credentialless',
     },
@@ -145,9 +148,18 @@ module.exports = {
       { test: /\.wasm$/, type: 'asset/resource' },
     ],
   },
+  devServer: {
+    headers: {
+      // Required for SharedArrayBuffer / multi-threaded WASM
+      'Cross-Origin-Opener-Policy': 'same-origin',
+      'Cross-Origin-Embedder-Policy': 'credentialless',
+    },
+  },
 };
 ```
 
+> **Safari/iOS:** Safari does not support `credentialless` COEP. Use the COI service worker pattern shown in the [demo app](../../examples/web/RunAnywhereAI/) — it intercepts responses and injects `require-corp` headers at runtime. See `public/coi-serviceworker.js` and the `ensureCrossOriginIsolation()` call in `src/main.ts`.
+
 ---
 
 ## Quick Start

sdk/runanywhere-web/packages/core/src/Infrastructure/DeviceCapabilities.ts

@@ -80,6 +80,16 @@ export async function detectCapabilities(): Promise<WebCapabilities> {
     `Cores=${capabilities.hardwareConcurrency}`,
   );
 
+  if (!capabilities.isCrossOriginIsolated) {
+    logger.warning(
+      'Cross-Origin Isolation is NOT enabled. SharedArrayBuffer and multi-threaded WASM ' +
+      'will be unavailable. Set these HTTP headers on your server:\n' +
+      '  Cross-Origin-Opener-Policy: same-origin\n' +
+      '  Cross-Origin-Embedder-Policy: credentialless\n' +
+      'See: https://github.com/AnywhereAI/runanywhere-sdks/tree/main/sdk/runanywhere-web#cross-origin-isolation-headers',
+    );
+  }
+
   return capabilities;
 }