The XMLHttpRequest object (also known as the XMLHTTP object in Internet Explorer) is at the core of today’s most exciting AJAX web applications. But actually writing client web applications that use this object can be tricky given restrictions imposed by web browsers on network connections across domains. This HOWTO provides describes the issue in simple, easy to understand language and provides one possible solution: a web proxy that relays network requests from your web server to services such as the Yahoo! Web Service APIs.
All modern web browsers impose a security restriction on network connections, which includes calls to XMLHttpRequest. This restriction prevents a script or application from making a connection to any web server other than the one the web page originally came from (Internet Explorer will allow cross-domain requests if the option has been enabled in the preferences). If both your web application and the XML data that application uses come directly from the same server, then you do not run into this restriction.
If, however, you serve your web application from one web server and you make web service data requests to another server — for example, to the Yahoo! Web Services — then the browser prevents the connection from being opened at all. Bummer.
There are a number of solutions to this problem but the most commonly-used one is to install a proxy on your web server. Instead of making your XMLHttpRequest calls directly to the web service, you make your calls to your web server proxy. The proxy then passes the call onto the web service and in return passes the data back to your client application. Because the connection is made to your server, and the data comes back from your server, the browser has nothing to complain about.