We just overriden this method again the same way and made it do not check any token if frame is loaded from external URL.This solution should work with any external service, not only with Google ReCaptcha

Cross-origin issue is not in network call, but in JavaScript call.We're using JSONP.Returning callback calls google recaptcha API, which inserts an iframe by calling native API method: appendChild.Since granite.js messes with native appendChild, code in original question is called here.IE11 tries to execute the statement: result.contentWindow.documentAnd fails because it is not allowed to access anything within window of an iframe from another domain (google.com).BTW on top of that we have the s...

Proposed solution doesn't work for google captcha specifically, because we need result returned from API call, which fails.