Swap out AJAX with basic XDR

[dcramer]

We should change the AJAX call to create an iframe + form and POST to the endpoint, this will allow it to work on non-same-domain installs.

[bkonkle]

I was under the impression that jQuery/Zepto handled cross-domain requests with jsonp, which was one of the major reasons I went ahead and made the code dependent on them. I'll do some more testing next week.

[bkonkle]

Upon further research, I've learned that jQuery handles cross-domain requests with the "Origin" header. If the server responds with an "Access-Control-Allow-Origin" header that matches "Origin", then the cross-domain request is allowed by the browser.

I've submitted a pull request to enable this here: dcramer/sentry#340

[bkonkle]

After enabling preflighted cross-domain requests (dcramer/sentry#346), this now works reliably in Chrome, Firefox, and Safari. I haven't tested it in IE yet, but I plan to. My opinion is that this is the modern way to do cross-domain requests, and we should make iframe + form requests a secondary option.

[dcramer]

Are we ok with just using the origin headers and the public key at this point, or do we need to do some additional work in Sentry core?

[dcramer]

This is no longer a concern