And you have to specify xhr.withCredentials to send cookies. So this works if the user is logged in to the 'remote' web server. I don't know if all browsers support this.

xhr.open('POST', 'http://lk:8080/labkey/_webdav/home/%40files/2.jpg?method=DELETE');
xhr.withCredentials = true;
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.onreadystatechange = someHandler;
xhr.send();