How can I make cross-domain requests with custom headers without using XDomainRequest or XMLHttpRequest?

Question

I have a single page web application delivered from www.example.com. This web applications

• needs to make AJAX requests against another server named api.example.com
• it has to set certain header fields like Authorization when sending requests to api.example.com
• it has to be compatible with recent and not so recent browsers (for example IE >= 8)

All this works by handling CORS requests on api.example.com with Chrome (and other recent WebKit-based browsers) using XMLHttpRequest. IE older than version 10 doesn't implement CORS for XMLHttpRequest and instead provides the non-standard XDomainRequest object for cross-domain requests. But XDomainRequest does not implement a way to set HTTP header fields.

So my question is: How can I make cross-domain requests with custom headers without using XDomainRequest or XMLHttpRequest? What is the best practice workaround?

Edit: I have control over all involved servers (*.example.com).

Answer 1

I'm afraid there is no other way but to implement a proxy for this request in your application's server side. An example.