Can XDomainRequest be used to make same-origin requests?

Question

What happens if you use IE8/9's XDomainRequest object to make a same-origin request? Does the request succeed? If so, is it limited in the same ways as cross-origin requests?

Answer 1

XDomainRequest seems to always attach an Origin header to requests it sends, making it appear as if they are cross-origin, even if they are not. So, if a same-origin request is made to a server using XDomainRequest, the request will fail if the server doesn't include Access-Control-Allow-Origin among its response headers. I verified this myself just now. The ability to set headers would be part of the transport's prototype, so methods like setRequestHeader are also still missing, regardless of the ultimate destination.