Make a CORS request in IE9 with cookies?

Question

In IE9, I am attempting to make a cross origin request with cookies. However, even when I have the Access-Control-Allow-Origin, Access-Control-Allow-Credentials, Access-Control-Allow-Methods all set to the appropriate values (the origin domain, true, and GET, POST), IE9 still isn't sending or setting cookies from the request. Here's the script I'm using:

var xdr = new XDomainRequest()
xdr.open("http://mydomain.com/cors.php")
xdr.withCredentials = true;
xdr.send();

Any idea on how to get cookies to work with CORS requests in IE9?

Answer 1

From this page http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx at the bottom you can see Update: Internet Explorer 10 now supports CORS using XMLHTTPRequest. It means CORS is not handled properly in IE9. Sorry. They propose some workarounds with proxy in the same article.

Browser compatibility matrix is given at http://caniuse.com/cors where by partial support they mean

Internet Explorer 8 provides support via the XDomainRequest object but doesn't support credentialed requests http://code.google.com/p/sgvizler/wiki/Compatibility.

Answer 2

From my experience, if both domains are in your control better to use postMessage