The General Solution:
Cross-Origin Resource Sharing (Recommended)
Cross-Origin Resource Sharing (CORS) is a web browser technology specification, which defines ways for a web server to allow its resources be accessed by a web page from a different domain. Such access would otherwise be forbidden by the same origin policy. This is available on the latest browsers including Firefox 3.5+, WebKit based browsers including Safari 4+, Chrome 3+, and IE8+ (using a special IE only XDomainRequest object). The CORS request requires the use of an origin header and the server must supply a special access-control-allow-origin header confirming that the communication is allowed. Dojo supports the basic AJAX support for this natively, but it appears that special handling will need to be written to support IE’s XDomainRequest Object.
Cross-document messaging (web messaging)
CDM is an API introduced in the WHATWG HTML5 draft specification, allowing documents to communicate with one another across different origins, or source domains. It uses HTML5’s postMessage method to allow plain text messages to be sent from one domain to another. This option is only available for the latest browsers. It isn’t very RESTful and although it is perfect to send simple string messages, it is not viable as a means to transport large chunks of structured data.
Old School Workarounds:
Script tag GET
HTML forms do not adhere to the same origin policy and can perform HTTP POSTs of information to other domains. Sounds like a lot of work to manage and could easily become a mess.
A loophole that uses nested iframes to communicate using DOM access. This was the preferred workaround for a long time until CORS. The models for this make my head hurt. This method is not clean and would be difficult to manage.
This method sets the window name of a child window to a JSON string that can be retrieved and parsed. The frame can be POSTed to for communication and return responses via the window name. This feels really messy.
Using flash as a cross-domain proxy is an available option. I think the problems here are obvious as it is in the title.
There are libraries available to us that will use CORS for modern browser and fall back to the hack work arounds in order to provide a full array of cross-browser support. These might be a great option if you need an option to support legacy browsers.