This page attempts to embed many resources from the cross-origin+cross-site address https://origin-b-example-1-20240809.nyoomnyoom.com/
It does that while maintaining cross-origin isolation on both the embedder and the embedded origin.
As you can see below, this origin is successfully isolated. The embedded origin in the iframe is also isolated.
Both this origin and the embedded origin in the iframe may make use of restricted APIs such as SharedArrayBuffer
For this method to work, the embedded origin must collaborate by setting specific headers.
Note 1: There is a way to get it working without the cross-origin collaborating by adding extra headers, which I'll get around to demostrating in the future.
Note 2: You can test the restricted APIs in the DevTools console.
(loading)
(loading)
(loading)
This text is green if the cross-origin stylesheet is working.
crossOriginIsolated:
Boolean(SharedArrayBuffer):