Prototype Ajax request limitation?

I am learning about the Prototype Ajax API. I was reading their documentation and I saw this:

Remember that for security reasons (that is preventing cross-site scripting attacks) Ajax requests can only be made to URLs of the same protocol, host and port of the page containing the Ajax request. Some browsers might allow arbitrary URLs, but you shouldn't rely on support for this.

So does this mean that I can't make requests to a backend of one app from another of my apps? Or am I just misunderstanding this? I would really appreciate some clarification for a new JavaScript learner, like me. Thanks


This is the same domain origin policy. This is enforced by web browsers, for security reasons.

In short, without these restrictions, ajax requests would allow you to retrieve any web page on behalf of the user. This would allow you to read his emails if he was logged in on his webmail.

Take a look at JSONP, for doing cross-domain ajax requests. (Notice the P in JSONP.)

This seems to be adding JSONP support to Prototype: http://dandean.com/jsonp-for-prototypejs/
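
The rule quoted in the question compares three parts of the URL: protocol, host and port. The following is an added example, not part of the original question or answer, that applies that comparison to a page URL and a request URL and reports which part makes a request cross-origin; the `example.com` hostnames and the function names are assumptions made for illustration.

```javascript
// Added example: compares the (protocol, host, port) tuple described in the
// quoted documentation. All URLs below are constructed samples.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the origin tuple for an absolute URL, filling in the scheme's
// default port when the URL does not state one explicitly.
function originTuple(url) {
  const u = new URL(url);
  return {
    protocol: u.protocol,
    host: u.hostname.toLowerCase(),
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// Resolve requestUrl against pageUrl (so relative paths work, as they do in
// an Ajax call) and list the tuple components that differ.
function compareOrigins(pageUrl, requestUrl) {
  const page = originTuple(pageUrl);
  const target = originTuple(new URL(requestUrl, pageUrl).href);
  const differs = ["protocol", "host", "port"].filter(
    (key) => page[key] !== target[key]
  );
  return { sameOrigin: differs.length === 0, differs };
}

const page = "http://app-one.example.com/index.html";
const samples = [
  "/api/items",                                 // relative: same origin
  "http://app-one.example.com:80/api/items",    // explicit default port
  "https://app-one.example.com/api/items",      // different protocol
  "http://app-one.example.com:8080/api/items",  // different port
  "http://app-two.example.com/api/items",       // different host
];

for (const target of samples) {
  const result = compareOrigins(page, target);
  const verdict = result.sameOrigin
    ? "same origin"
    : "cross-origin (" + result.differs.join(", ") + ")";
  console.log(target, "->", verdict);
}
```
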
