It’s exciting times for web developers. Many of the hoops we used to have to jump through are being eliminated as more browsers support more of the HTML5 spec and more people are using modern browsers. One of the things that has me excited is Cross-origin resource sharing (CORS).
The rub is that there are still browsers out there that don’t support CORS. The wikipedia link covers which. The good news is that modern browser adoption is growing fast. We’re approaching a time where there is a small enough group of the older browsers where you might feel comfortable displaying a message to your users saying “Are those cobwebs I see on your browser? Please upgrade to use this app.” Not everyone can do that, but if you can, then read on.
IE10 supports CORS through the XMLHttpRequest object. IE8 & 9 support it, but the through the XDomainRequest object. I don’t know about you, but I don’t XMLHttpRequest directly anyway. I typically use the jQuery $.get(), $.getJSON(), or $.ajax() methods. There is a helper library for jQuery called jQuery.iecors that allows you to use jQuery unchanged. The last thing you need to know is that the server you are calling to has to allow CORS. Thanks to enable-cors.org, you have a handy reference to know how enable it on your server.