AJAX Cross Domain Same Origin Policy limitation

摘自：http://www.ibm.com/developerworks/library/wa-aj-jsonp1/
AJAX Same-Origin Policy(SOP) limitation:
 AJAX prevents cross-domail invokation, there are several ways to by pass this limitation.
1. write a proxy on the server side. The SOP limitation only exists only on the javascript side.  While on the side, we can still invoke the other domail url such as via HttpClient
2. iFrame ( not sure )
3. JSONP(JSON with Padding)
the same-origin policy doesn't prevent the insertion of dynamic script elements into the document. That is, you could dynamically insert JavaScript from different domains, carrying JSON data in them.
<mce:script type="text/javascript"><!--
// This is our function to be called with JSON data
function showPrice(data) {
alert("Symbol: " + data.symbol + ", Price: " + data.price);
}
var url = “ticker.js”; // URL of the external script
// this shows dynamic script insertion
var script = document.createElement('script');
script.setAttribute('src', url);
// load the script
document.getElementsByTagName('head')[0].appendChild(script);
// --></mce:script>
Note that, in order to do this, you must have a callback function already defined in the Web page at the time of insertion.
Beginning with version 1.2, jQuery has had native support for JSONP calls. You can load JSON data located on another domain if you specify a JSONP callback, which can be done using the following syntax: url?callback=?.
AJAX invoke:
jQuery.getJSON("http://www.yourdomain.com/jsonp/ticker?symbol=IBM&callback=?",
function(data) {
alert("Symbol: " + data.symbol + ", Price: " + data.price);
});

Another domain generates json data and returned to client side with callback function.
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
String jsonData = getDataAsJson(req.getParameter("symbol"));
String output = req.getParameter("