Difference between Firefox and Chrome handling of CORS

In Cross-Origin Resource Sharing: Why can cookies and authentication information not be provided by the script author for the request? This would allow dictionary based, distributed, cookies / user credentials search. If you send a username and password when using withCredentials, then XMLHTTPRequest.send(...) will fail in Firefox 4, but not on Chrome 11.0.696.16 dev. Removing the username and password will make it work on both of them. I haven’t tested other versions....

March 31, 2011