Benefit of CORS over cross-domain messaging

Question

CORS and cross-domain messaging look the same to me: they allow communication across domains.

Are there any reasons to use one vs. the other?

Answer 1

First of all you should be aware that CORS is supported by the following browsers: Internet Explorer 8+, Firefox 3.5+, Safari 4+, and Chrome. Please note that IE7 and older versions of Firefox and Safari doesn't support it at all. But event IE8 has some limitations - it doesn't support credentials and "preflight" requests to be sent to the server. In addition, your server should be ready for CORS requests, i.e. some extra work on the server should be performed as well.

Cross-domain messaging by using JSONP or iFrames are more universal in terms of browser support and sometimes even doesn't require extra server-side work.