We currently use the jsonp technique to bypass CORS check. This practice has many security concerns (see discussions on MESOS-5911) so we should replace it with a better alternative.
Webui redirection to leader in browser does not work
Mesos Master and Agent http api should support configurable CORS headers
XSS in JSONP parameter