As Safari relies on webkit, it seems you'd want to cross-discuss your use case w/webkit instead of here, keeping in mind this statement found at that link...
"Prompts for credentials to load cross-origin subresources are typically seen as unexpected by a person that navigates to- or interacts with- a web page. The cross-origin and implicit loading nature of these subresources makes asking for credentials questionable because they are not being served by the same origin of the page a person explicitly loaded and are not guaranteed to correspond to an explicit user interaction other than the initial load of the page. We know that subresources that ask for credentials can be abused as part of a phishing
attack. It seems reasonable to disallow cross-origin subresources from asking for credentials due to their questionable nature and the risk for abuse. This will also make the behavior of WebKit match the behavior of Chrome."