Newer Version Available
Cross-Domain XHR
Canvas apps are loaded on a Salesforce page in an iFrame. Therefore, the canvas app (in its own domain) can’t make XHR (XML HTTP request) calls back to the *.salesforce.com domain. You can develop and deploy your own proxies as part of the SDK, however, Canvas provides a client-side proxy written in JavaScript. This proxy enables client-side XHR calls back to Salesforce.
If you use this proxy from the client to make an XHR request, the API forwards the request to
the outer iFrame and the request is submitted on your behalf. When the request is complete, the
SDK calls the client’s callback function with the results. Here are some examples of how
you can make XHR calls: