According to Apple themselves, at this link http://developer.apple.com/internet/webcontent/xmlhttpreq.html
(under Security Issues), the XMLHttpRequest object cannot be used to make cross-domain requests. However, I've seen tutorials like this http://www.oreillynet.com/pub/a/mac/2005/06/07/dashboard.html
and actual working dashboard widgets like Twidget (http://www.frankmanno.com/widgets/twidget/
) that use the object to call web services on another domain.
So, needless to say, I'm confused. Does Safari/Dashboard/WebKit somehow proxy the request? If I download Twidget and run it in Safari, it works fine, but if I run it in Firefox using Firebug, it gives me a Permission Denied error in the console when trying to make the XMLHttpRequest.