I investigated a bit and here are some alternatives I found for this problem.
The main issue with JSONP is that it doesn’t support HTTP POST (only HTTP GET). Another potential problem with JSONP is that it is not asynchronous, which means that it would probably block browser which would lead to poor user experience.
Cross-origin resource sharing (CORS) is a new standard that allows cross-domain Ajax calls. The main issue is that not all main browsers are supported. The biggest problem is partial support in IE8/9 of which next limitations are the biggest problem:
- Only text/plain is supported for the request's
- No authentication or cookies will be sent with the request
Although iFrames have cross domain restrictions like Ajax, they are much more flexible, so hidden iFrame can be used to enable cross-domain Ajax. 3rd party web page could load our special iFrame for that could execute Ajax calls on behalf of 3rd party page because it is on the same domain as our API, and then it can send data back to page. For cross origin iFrame communication, Window.postMessage can be used or easyXDM library if older browsers need to be supported.