by makmanalp 5627 days ago
Hold up, aren't cross-domain requests disallowed for a good reason (security)? I get that Access-Control is unsupported in old IE, but gosh, doesn't it make way more sense?
1 comments

The reason that cross-domain requests are disallowed has to do almost entirely with cookies. The concern is that since almost everyone uses cookies for identity, it is possible (without the cross-domain barrier) for a random web page to tell the browser to go fetch all their secret data and then return it to the malicious page.

This whole thing isn't an issue any longer if the server containing the secret data is expecting random people to access it and implements auth with something more than cookies. Take a look at Twitter and Facebook. They both allow cross-domain requests.

janky.post will only work if the server is expecting the request (it won't allow arbitrary requests to anything on the remote server) and then, it's up to the remote site's engineers to make these endpoints secure.
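
The server-side decision the reply describes, sketched as an added example that is not part of either comment and is not janky.post's code: only opted-in endpoints answer cross-domain requests, and identity comes from an explicit token in the request instead of cookies. The names `ENDPOINTS`, `TOKENS` and `authorize`, the request shape and all sample values are assumptions made for illustration.

```javascript
// Added example with hypothetical names; models only the authorization decision.

// Endpoints the server explicitly exposes to other sites. Everything else is refused.
const ENDPOINTS = new Set(["/api/status/update"]);

// Constructed sample data: a token issued to a user for one third-party origin.
const TOKENS = new Map([
  ["tok-constructed-1", { user: "alice", origin: "https://widgets.example" }],
]);

// req: { path, origin, cookies, body }. `origin` is assumed to be whatever the
// transport reports for the calling page (for example the Origin header).
function authorize(req) {
  // 1. The server must be expecting cross-domain requests at this path.
  if (!ENDPOINTS.has(req.path)) {
    return { ok: false, reason: "endpoint not opted in" };
  }
  // 2. req.cookies is never read: the browser attaches cookies to any request,
  //    so they prove nothing about which page asked or whether the user agreed.
  const token = req.body ? req.body.token : undefined;
  if (typeof token !== "string") {
    return { ok: false, reason: "no explicit credential" };
  }
  const grant = TOKENS.get(token);
  if (!grant) {
    return { ok: false, reason: "unknown token" };
  }
  // 3. Bind the token to the origin it was issued to, as an extra check.
  if (grant.origin !== req.origin) {
    return { ok: false, reason: "origin mismatch" };
  }
  return { ok: true, user: grant.user };
}

// Constructed requests: a page relying on the victim's cookie, and a page
// holding a token that was issued to it.
const cookieOnly = {
  path: "/api/status/update",
  origin: "https://random.example",
  cookies: { session: "alice-session" },
  body: { text: "hi" },
};
const withToken = {
  path: "/api/status/update",
  origin: "https://widgets.example",
  cookies: {},
  body: { token: "tok-constructed-1", text: "hi" },
};
```
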