JSONP is considered by most to be a hack and a security risk. CORS is extremely easy to implement, as it only requires you to send some headers to the browser. For example, in a node app I recently wrote, adding CORS was just a matter of adding these lines:

  var allowCrossDomain = function(req, res, next) {
    aptUtil.log('using cors to allow for cross domain xhr');
    res.header('Access-Control-Allow-Origin', '*'); //any domain can submit requests to us.
    res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
    res.header('Access-Control-Allow-Headers', 'Content-Type');

    next();
  }; app.use(allowCrossDomain);