+3  A: 

This is from the bottom of the MDC section you linked to:

Important note: when responding to a credentialed request, server must specify a domain, and cannot use wild carding. The above example would fail if the header was wildcarded as: Access-Control-Allow-Origin: *.

I bet you missed this, it's hidden under a couple big example code blocks.

jbalogh  2010-01-14 04:12:49
Yup, that's what I was doing wrong.
David Wolever  2010-01-14 13:50:51

related questions

Firefox vs. IE: innerHTML handling
Firefox add-ons
How do you make a post request into a new browser tab using JavaScript / XUL?
Checking if userinput is a valid URI in XUL
Ubiquity Hack
Printing DOM Changes
HTML Select Tag with black background - dropdown triangle is invisible in Firefox 3
What is your best tool or techniques for getting the same display on IE6/7 and Firefox?
SPAN Height in Firefox
Debugging asp.net with firefox and visual studio.net - very slow compared to IE
How do I write a Firefox Addon?
Is there a way to make Firefox ignore invalid ssl-certificates?
Convince Firefox to send an If-Modified-Since header over HTTPS
Firefox extension for website interaction recording and repetition
Browser Sync accross many machines
Firefox plugin - sockets
Printing Flex components in FireFox 3
Some kind of task manager for JavaScript in Firefox 3?
How to make a Flash movie with a transparent background
Why no favicon for my web site?
FF3 WinXP != FF3 Ubuntu - why?
Firebug won't display console feeds for some of my sites
Upload form does not work in Firefox 3 with Mac OS X
Http Auth in a Firefox 3 bookmarklet
How can I turn a string of HTML into a DOM object in a Firefox extension?