Considering CORS
is here to stay, I'd propose switching the order in which you are sending out data.
- Detect CORS support
- If CORS is supported, send your
application/json
response - If CORS is not supported, fallback to
JSONP
(IE<=7, Opera<12, or Firefox<3.5)
This way you get to redeem the best of the more secure method and fall back to the other for non-compliant clients.