javascript, cross-domain, cors, same-origin-policy

Relaxing same-origin policy


According to this Wikipedia article, there are three methods of relaxing the SOP. However, the article doesn't discuss the advantages or drawbacks of any of them.

  1. Setting document.domain property
  2. Switching to Cross-Origin Resource Sharing
  3. Implementing Cross-document messaging

I wonder which one to pick. Are all of them implemented today? Are they supported? When to pick which? What to look out for when using them? Etc.


Solution

  1. You cannot set the document.domain property directly (the browser does that for you), or am I missing something? This would be a serious security issue. Thus this is not really an option for cross-origin scripting.
  2. The way to go if you intend to communicate with different domains from one iframe (basically making cross-domain AJAX calls).
  3. This allows you to communicate between iframes inside one page. If you only need that, then this is a way to go. Read also this for more details: Benefit of CORS over cross-domain messaging

All of them are implemented in all major browsers. All are supported. Which one to pick? If you have access to the server side, then CORS is my preferred way to go. At the end of the day it depends on exactly what you want to do.
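
As an added example (not part of the original answer), here are the origin checks that options 2 and 3 depend on, written as plain functions so they run under Node as well as in a browser. The origins in `TRUSTED_ORIGINS`, the `resize` message type and the function names are assumptions made for illustration.

```javascript
// Added example: origin checks for option 2 (CORS) and option 3 (postMessage).
// All origins below are constructed placeholders.
const TRUSTED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Option 2: build the CORS response headers for a request's Origin header.
// Returns {} for origins that are not allowlisted, so the browser refuses
// to expose the response to the calling script.
function corsHeaders(requestOrigin, { credentials = false } = {}) {
  // Exact string match only: no substring, suffix or regex matching,
  // and the literal origin "null" is never trusted.
  if (typeof requestOrigin !== "string" || !TRUSTED_ORIGINS.has(requestOrigin)) {
    return {};
  }
  const headers = {
    // Echo the allowlisted origin; browsers reject "*" on credentialed requests.
    "Access-Control-Allow-Origin": requestOrigin,
    // The response varies per Origin, so shared caches must key on it.
    "Vary": "Origin",
  };
  if (credentials) headers["Access-Control-Allow-Credentials"] = "true";
  return headers;
}

// Option 3: handler for window "message" events (cross-document messaging).
// Returns true only when the message was accepted and passed to onData.
function handleMessage(event, onData) {
  // event.origin is set by the browser and cannot be forged by the sender.
  if (!TRUSTED_ORIGINS.has(event.origin)) return false;
  // Treat the payload as untrusted input even from a trusted origin.
  if (typeof event.data !== "object" || event.data === null) return false;
  if (event.data.type !== "resize") return false; // hypothetical message type
  onData(event.data);
  return true;
}

// Browser wiring; skipped when the file is run outside a browser.
if (typeof window !== "undefined") {
  window.addEventListener("message", (e) => handleMessage(e, (d) => console.log(d)));
}
```

On the sending side, the matching precaution is to pass the recipient's exact origin as the second argument of `postMessage` rather than `"*"`.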