When using CORS (Cross-Origin Resource Sharing) resource sharing with Internet Explorer - does it support Authroization provisioning (i.e. for basic Auth)?
The short answer is no. Longer answer:
Internet Explorer 7 and below does not support CORS
Internet Explorer 8 and 9 has limited CORS support through the XDomainRequest object. The XDomainRequest object does not support custom headers, so it cannot support the Authorization header. (source: http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx )
Authorization
The next Internet Explorer 10 will have full CORS support, which includes support for custom headers such as Authorization . (source: http://blogs.msdn.com/b/ie/archive/2012/02/09/cors-for-xhr-in-ie10.aspx )
Any public site that needs to support IE7,8,9 withCredentials is NOT CORRECT CORS. The function is disabled in the Internet zone "Access to data sources through domains". Trusted zone domains can make cross-calls.