I'm trying to consume a WCF service by using JQuery but I'm confused.
I have found many sites telling me to use JSONP to workaround same-origin policy and than to set crossDomainScriptAccessEnabled to true.
Is it secure to set crossDomainScriptAccessEnabled to true?
Is there another way to consume the WCF service?
The Cross Domain Policy is there to prevent service not designed for it to be used wrongly.
You can use JSONP only with the GET verb.
If the WCF service is well implemented, you shouldn't be able to update the database with a GET but only with POST/PUT/PATCH/DELETE verbs.
If you can use JSONP do it, it is simple and easy: http://learn.jquery.com/ajax/working-with-jsonp/
To be able to use the WCF service with CORS, the WCF service must implement it so yes it is safe to use crossDomainScriptAccessEnabled to true.
You probably want to have a look at: http://www.bendewey.com/index.php/186/using-jsonp-with-wcf-and-jquery