I've been testing a bit more with CORS/cross-origin resource sharing. One problem is that when you make a CORS request which fails (when the server you are sending the request to doesn't return the expected response header Access-Control-Allow-Origin), you will get an HTTP status of 0 (zero) for the request, and the readyState will be 4.
The response headers are not available due to security reasons, therefore there is no way to detect what went wrong. What could be done though is to compare the requesturl of the LzHTTPLoader object and compare the domain contained within requesturl with the domain for document.location. If it's a cross-origin request, the LFC could dump a warning into the Laszlo Debugger that something might have gone wrong with a CORS request. What do you think?
