At its simplest, cross-domain access involves getting data from one web site and displaying it within a page from a different web site.
In more complex scenarios, it involves constructing business process that both read and update data on different web sites including sensitive data that may be tied to the specific user who is performing the transaction.
Example: A page served from site A displays information about a cause.
Cross-domain access can be difficult to manage because it must be handled securely. When a request comes to site B from a page on site A, it looks to site B as if it came directly from the browser of the user accessing site A. The content from a web server is a mixture of instructional code (e.g. JavaScript) and data (e.g. HTML content). If the browser gave different sites access to each other's content, a malicious site could steal or manipulate data purportedly coming from a trusted site. To prevent this, web browsers enforce a "same origin" policy:
Luminate Online API methods support the W3C Cross-Origin Resource Sharing (CORS) specification for client-side cross-origin requests. You must white-list any allowed origins for cross-origin requests in your site configuration.