CORS is supported by all modern browsers, and XDomainRequest
is its equivalent in Internet Explorer 8 and 9. Your code may include a switch to provide both the methods.
Using CORS requires planning: what resource(s) do you need to access, and how will you use them in your application?
Executing CORS requires preparation:
You must place the CORS header Access-Control-Allow-Origin on the page(s) on your target domain(s) for CORS to succeed.
A best practice is making sure that AJAX is supported by the client; otherwise, CORS with JavaScript will not be possible, and the function making the request can fail silently. Provide a handler in case AJAX is not supported.
Preflight is required for non-simple CORS requests. Preflight can detect potential problems that can make the actual request fail and can provide better security.