How to handle cross site Ajax requests is something of a FAQ, so I’m going to attempt to explain the situation and what can be done about it.
Everything about this post assumes a standard web browser reading a standard web page on the Internet.
In other words: If it is on a different site — you can’t read it directly with JS.
It applies to data from XMLHttpRequest, frames, and anything else you care to name.
This may change in the future, but for now the rule stands.
There are two workarounds for this.
As far as the JS is concerned, it is dealing only with its home server.
If you trust the third party completely and have their co-oporation — dynamically generate a <script> element with the src pointing to a URL on their server. This should return some JS — typically a function call containing a JSON object as its sole argument.
var s = document.createElement('script');
s.src = "http://example.com/script.cgi?foo=bar";
With the content of that script being:
You need to write