This is why we have implementented the proxy pattern to provide cross-domain AJAX.
What’s more, we have opened this to anybody willing to use our infrastructure.

Include our cross-domain xhr javascript and:

1) keep using the XMLHttpRequest object as usual – just, it’s cross-domain enabled

2) you can make both GET and POST request… which is vital considering that GET is limited in lenght!

3) our proxy does implements a cache (squid based) to improve performance

4) our proxy can take care of cookies, mandatory for some websites

5) we have an improved cross-domain security model, the developer has to declare which sources his application is going to connect to so that the user know what’s going on. It’s not a perfect solution, but it’s a little improvement.

I can’t disclose much more yet, but we also are working on a pure client side solution which overcomes potential proxy issues, but we do believe the Proxy solution is a feasible one!

Please have a tour on our Mixendo Developers Website to learn more about our MiXHR Service and other upcoming cross-domain/mash-up solutions.

@ragjunk-You’re right, the server has to grant permission. But that’s specifically the reason, the point. Technologies which permit or encourage totally unrestricted x-domain access are far less secure. And, with window.name, as kriszyp says, the server *does* have to opt-in, so it’s a good thing.

But, more importantly for the open web revolution, for sites which want to publish their content to anyone, and it’s safe for them to do so, they can use a “*” policy in their crossdomain.xml, which allows anyone to access it, without worrying about needing to specifically grant permission to each domain.

How to run an remote Ajax RIA application from a single local disk html file.