CORS, W3C’s mechanism for standardised cross-domain XHR has reached a turning point. More than 50% of user browsers* support it now, with another 31% (MS IE 8 + 9) implementing the core functionality. This means that 81% of browsers allow at least basic execution of cross-origin XHR. Very good news, considering my ongoing effort to promote CORS as a replacement for JSONP and my the open-source CORS Servlet Filter for Java web apps which I developed in 2010 and continue to maintain.
* Stats is based on global data from Statcounter.
From the major browser vendors, the only one that doesn’t have CORS support yet is Opera. But there have been leaks on the web that they will soon have it too. Firefox has had CORS since 3.5, Internet Explorer since 8.0 (partial, but enough for most purposes), Google Chrome since 9.0 and Safari since 3.2. I suppose that in about 12 months time CORS support will cross the 90% milestone, which will open up the majority of developers to switch to it with confidence.
As for NimbusDS, cross-domain requests have been supported since 2010 and all new products incorporate it. Next week I’m planning to launch a Json2Ldap demo on the CloudBees PaaS which makes exclusive use of CORS for the JSON requests to the remote cloud web service.