google chrome - Cross Domain request withCredentials not working in Firefox -

i'm building backbone.js app talk api i've built.

the api sits on api.foo.com website on web.foo.com

im managed cors working appropriate header fields in apache

header set access-control-allow-origin "http://web.foo.com" header set access-control-allow-methods "get,put,post,delete,options" header set access-control-allow-headers content-type header set access-control-allow-credentials "true" header append access-control-allow-headers origin header append access-control-allow-headers accept header append access-control-allow-headers x-requested-with 

and setting xhrfields to

    f = { withcredentials: true}      params.xhrfields = f;      // make request, allowing user override ajax options.     $.ajax(params); 

this works chrome. im post api.foo.com/sessions login, cookie , request api.foo.com cookie.

unfortunately when switched firefox 10.0.7, didnt work. withcredentials didnt seem jquery pick cookie , use it.

unlike questions relating on stackoverflow, not 1 off, need work consistently across browsers (i havent got ie yet).

im using

backbone.js 0.9.1 jquery 1.7.1 require 1.0.7 underscore 1.3.1

works on

chrome 17.0.963.65

doesnt work on firefox 10.0.2

can me?

just thought i'd update question ended doing. feeling cors not easy thing still (for security reasons). answers on subject come down "proxy or cors" without explanation of how easy proxy is. below needed put in website apache file playing niceley

    proxypass /api http://api.foo.com/     proxypassreverse /api http://api.foo.com/  <location /api>     order allow,deny     allow </location> 

what request going web.foo.com/api, apache automatically proxy passes api.foo com. means no need cors headers, , cookies work fine.

it means still have api.foo.com running other software isn't javascript query

this easy way resolve need cors stuff while still separating inhouse api front-ends.