Most of the time, a script running on one domain cannot access resources on another - for instance, from example1.com to example2.com - because the same-origin policy permits access only when the two match in protocol (http vs. https, for example), hostname (example1.com vs. example2.com), and port (port 80 or 443 for http or https traffic, by default). For obvious reasons, browsers enforce these rules to block potentially malicious exploits: it would be a poor sort of Internet on which clicking any link opened up threats from other sites.
Specifically, it is the response from the foreign-site script that our browser prevents us from consuming: Ajax requests to an external site are sent along, but - in the absence of some other mechanism - the response isn't accepted by our browsers.
Of course, there are times when we want to explicitly allow remote access, either sharing our own resources with external sites or purposefully leveraging resources available on foreign sites for our own purposes. In this lesson, we look at two strategies for accessing foreign-site resources: Cross-Origin Resource Sharing (CORS) and JSON with Padding (JSONP).
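The origin comparison and the response blocking described above, as an added JavaScript example that is not part of the original lesson. `originMismatches` and `canReadResponse` are hypothetical helper names, the URLs are constructed, and the model assumes a request sent without credentials, where the standard `Access-Control-Allow-Origin` response header is what CORS uses to permit the read.

```javascript
// Added example: a model of the browser's decision, not a browser API.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to the (protocol, hostname, port) triple the policy compares.
function originTuple(url) {
  const u = new URL(url);
  // URL.port is "" when the port is the scheme default, so fill it in.
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return { protocol: u.protocol, hostname: u.hostname, port };
}

// Hypothetical helper: list the components on which two URLs differ.
// An empty list means the two URLs share an origin.
function originMismatches(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  return ["protocol", "hostname", "port"].filter((k) => x[k] !== y[k]);
}

// Hypothetical helper: may a script on pageUrl read the response from
// resourceUrl? allowOrigin is the value of the response's
// Access-Control-Allow-Origin header, or null when the header is absent.
function canReadResponse(pageUrl, resourceUrl, allowOrigin = null) {
  if (originMismatches(pageUrl, resourceUrl).length === 0) return true;
  if (allowOrigin === null) return false; // request was sent, response is withheld
  if (allowOrigin === "*") return true;   // wildcard, valid without credentials
  // Otherwise the header must equal the page's serialized origin exactly.
  return allowOrigin === new URL(pageUrl).origin;
}

// Constructed sample pairs.
const page = "https://example1.com/page";
const samples = [
  ["http://example1.com/a", "http://example1.com:80/b"],
  ["http://example1.com/", "https://example1.com/"],
  [page, "https://example2.com/api"],
  [page, "https://example1.com:8443/api"],
];
for (const [a, b] of samples) {
  const diff = originMismatches(a, b);
  console.log(a, "->", b, diff.length ? "differs in " + diff.join(", ") : "same origin");
}
console.log(canReadResponse(page, "https://example2.com/api"));
console.log(canReadResponse(page, "https://example2.com/api", "https://example1.com"));
```

Note that switching from http to https changes two components at once, because the default port changes with the protocol.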