According to Requests with credentials, Firefox will only send credentials along with cross-domain posts if
invocation.withCredentials = "true";
is set… But it doesn't seem like jQuery's Ajax API provides any mechanism for this.
Is there something I've missed? Is there some other way I can do it?