How do widgets in Wookie get around same-origin restrictions for Ajax requests?
The Widget javascript object available to running widgets has a proxify() method for just this purpose. Proxify wraps the request in a call to a proxy server.
So proxify("http://example.org/myservice/")
results in a URL like http://my.wookie.org/proxy?url=http://example.org/myservice/&api_key=myapikey
Shindig also uses the same method for OpenSocial applications, and has its own bundled proxy service.
Wookie lets you use either; you can set the value in the widgetserver.properties configuration file.
Wookie's proxy is a bit stricter, as it only allows text, xml or json (not binary), and can also be controlled using a whitelist.