CORS (Cross-Origin Resource Sharing) enables you to run your app from a domain other than where your web services are being hosted. This has a number of advantages, the least of which is that you can get away from using the kludgey JSON-P proxy and rely on AJAX/REST for all of your get/post server transactions while maintaining the flexibility of launching your app from anywhere (including localhost).
Configuring CORS on IIS 7.5 required setting the following http headers:
We set identical headers for IIS 6, but for some wacky reason that we have yet to discover, we actually had to remove the Access-Control-Allow-Origin entry for it to work. (I think that our .NET webservices might have been sending that along automatically, and duplicating any headers will cause CORS to fail.