In his latest post David Müller covers some of the things to consider when working with cross-domain ajax requests including CORS and iframes.
As it is widely known, AJAX Requests are only possible if port, protocol and domain of sender and receiver are equal. [...] Having this cleared out, we will cover ways around this restriction.
He covers three main approaches to allowing these cross-domain requests (and some of the security implications that can come with them):
- CORS (Cross Origin Resource Sharing)
He also briefly mentions things like window.postMessage (HTML5) and the use of a backend script to proxy a request into your application's local code.