THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
How do widgets in Wookie get around same-origin restrictions for Ajax requests?
The Widget javascript object available to running widgets has a proxify() method for just this purpose. Proxify wraps the request in a call to a proxy server.
So proxify("http://example.org/myservice/") results in a URL like http://my.wookie.org/proxy?url=http://example.org/myservice/&api_key=myapikey
Shindig also uses the same method for OpenSocial applications, and has its own bundled proxy service.
Wookie lets you use either; see the widgetserver.properties configuration file. This contains instructions for specifying either no proxy, the Wookie service, or the Shindig one (assuming its available).
Wookie's bundled proxy servlet is a bit stricter than the one bundled in Shindig, as it only allows text, xml or json (not binary), and can also be controlled using a whitelist set up by the Wookie administrator.