Fixing AJAX: XMLHttpRequest Considered Harmful

But the kind of AJAX examples that you don’t see very often (are there any?) are ones that access third-party web services, such as those from Amazon, Yahoo, Google, and eBay. That’s because all the newest web browsers impose a significant security restriction on the use of XMLHttpRequest. That restriction is that you aren’t allowed to make XMLHttpRequests to any server except the server where your web page came from.

<snip />

Solutions

• Application proxies. Write an application in your favorite programming language that sits on your server, responds to XMLHttpRequests from users, makes the web service call, and sends the data back to users.
• Apache proxy. Adjust your Apache web server configuration so that XMLHttpRequests can be invisibly re-routed from your server to the target web service domain.
• Script tag hack with application proxy (doesn’t use XMLHttpRequest at all). Use the HTML script tag to make a request to an application proxy (see #1 above) that returns your data wrapped in JavaScript. This approach is also known as On-Demand JavaScript.