The test cases at http://www.mnot.net/javascript/xmlhttprequest/ show that XHR, when following a 301/302 redirect, changes the method to GET. According to RFC 2616, Sections 10.3.2 and 10.3.3 (http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.10.3), this is a bug. That being said, it's understood that rewriting *POST* is required for compatibility with existing content. However, this does not seem to be the case for other methods, as IE restricts the conformance violation to POST and apparently gets away with it. Please consider tightening the implementation.
The test is no longer present, but I'm pretty sure this got resolved.