If the property withCredentials is a boolean property, why do the code samples assign the string "true"? Shouldn't the code samples simply assign the boolean value true?
Access-Control-Allow-Origin is not comma separated!
It seems that the info in the article is false concerning the value of the Access-Control-Allow-Origin header. The spec says, it has to be either "*" or mirrors the exact value of the Origin header. No word about a comma separated list. Actually FF 3.5 also has this behaviour. If you throw a comma separated list onto it, it will ignore the result. Can someone with more knowledge of the internals verify this and correct the article? --Manuel Strehl 02 November 2009