But what if you really need it? The rescue is Cross-origin resource sharing (CORS). The principle is quite simple. Along with the AJAX request, the browser sends an additional HTTP header:
The server can analyze the header. If it decides to fulfill the request, it adds another header:
Access-Control-Allow-Origin: http://www.foo.com

If the server decides to trust all clients, it can also return

Access-Control-Allow-Origin: *

But if you send the AJAX request from a page with origin http://www.foo.com, while the server replies with http://www.bar.com, you cannot read the response.
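The decision described above, as an added JavaScript sketch that is not part of the original article: the server side echoes the origin only on an exact allowlist match, and a simplified browser-side check decides whether the page may read the response. The function names, the allowlist and the other sample origins are assumptions made for illustration; the `Vary: Origin` header and the rule that `*` is rejected for credentialed requests go beyond what the text covers.

```javascript
// Added example: names and the allowlist are assumptions, not from the article.
const ALLOWED_ORIGINS = new Set(["http://www.foo.com"]); // constructed sample allowlist

// Server side: decide which CORS headers to add for a given Origin request header.
function corsHeaders(requestOrigin, allowed = ALLOWED_ORIGINS) {
  // Vary: Origin keeps shared caches from serving one origin's answer to another.
  const headers = { Vary: "Origin" };
  // Exact string match only; no prefix, suffix or substring matching.
  if (typeof requestOrigin === "string" && allowed.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
  }
  return headers; // without Access-Control-Allow-Origin the browser blocks the read
}

// Browser side (simplified): may script running on pageOrigin read the response?
function browserAllowsRead(pageOrigin, responseHeaders, withCredentials = false) {
  const acao = responseHeaders["Access-Control-Allow-Origin"];
  if (acao === undefined) return false;
  // The wildcard is not accepted when the request carries credentials (cookies).
  if (acao === "*") return !withCredentials;
  return acao === pageOrigin; // must equal the page's origin exactly
}

// Walk through the cases from the text, plus two edge cases.
function demo() {
  const foo = "http://www.foo.com";
  const other = "http://other.example";         // constructed, not on the allowlist
  const lookalike = "http://www.foo.com.example"; // constructed, shares a prefix only
  const star = { "Access-Control-Allow-Origin": "*" };
  const bar = { "Access-Control-Allow-Origin": "http://www.bar.com" };
  return {
    trusted: browserAllowsRead(foo, corsHeaders(foo)),
    untrusted: browserAllowsRead(other, corsHeaders(other)),
    lookalike: browserAllowsRead(lookalike, corsHeaders(lookalike)),
    wildcard: browserAllowsRead(foo, star),
    wildcardWithCredentials: browserAllowsRead(foo, star, true),
    mismatch: browserAllowsRead(foo, bar), // page is foo.com, server answered bar.com
  };
}

console.log(demo());
```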