CORS was really part of the inspiration for ServerCyde. AJAX is cool, it lets you make the web more responsive, but it only connects to the site that you built. If you wanted to consume the services of a third party then you would have to proxy it over your server or compromise on the functionality that you can offer. As more and more digital services get turned into API services (life graphs, url minification, image manipulation, data storage…) browsers will evolve to allow greater interconnectedness without sacrificing security. Right now each browsing is either trying their own implementation out (is it netscape vs IE all over again) or at some stage op implementing CORS standards, or web sockets. In the mean time I wanted a solution that worked now and supported all of the HTTP verbs so I had to implement one myself.
What it came down to was simple enough. Hidden iFrames and window.href polling. You see, when you open a site in an iframe the parent can only read the URL if the domains match. So what i did was have my server redirect back to your domain with a token in the URL that you could use to make a plain JSONP request for the data. This model, works in every browser, lets you POST with cookies, and even allows a connection to stay open for a COMET implementation.
You can check it out in action here: http://servercyde.com/Developers/
Get the code from GitHub here: https://github.com/easymovet/ServerCyde/wiki