Browser impose the Same origin policy on JavaScript running inside a web page. It means that your code cannot access a resource through XMLHttpRequest that belongs on another server, even when it's in the same domain. This is a good thing, and the way to get around it in production environments is to use some kind of proxy if you're trying to channel a trusted resource. I've done this on a couple of occasions so that my apps could access a web service that is physically located elsewhere.
When developing your code, however, this can be a real pain in the butt. You might want to access the production web service, or just want to play around and prove that what you want to do is possible. I've recently discovered a much easier solution than the others I've used before.
This little snippet of JavaScript causes a popup in the browser, but then allows you to make an XMLHttpRequest to any domain you like. Very handy for testing!
// This sneaky bit tries to disable the Same Origin Policy if (navigator.userAgent.indexOf("Firefox") != -1) { try { netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead"); } catch (e) { alert("Permission UniversalBrowserRead denied -- not running Mozilla?"); } }
Tip of the hat to miek on this Stack Overflow question.