You cannot get around cross-domain origin with XHR (well, only in Firefox 3.5 with user permission, not with a good solution). Technically, switching from port 80 (http) to 443 (https) violates this policy (it must be the same domain and port). Here is an example of the specification sites themselves - http://www.w3.org/Security/wiki/Same_Origin_Policy#General_Principles .
Have you looked at JSONP ( http://en.wikipedia.org/wiki/JSON#JSONP ) or CSSHttpRequests ( http://nb.io/hacks/csshttprequest )?
JSONP is a way to add a <script> to a page with a predefined global domain callback (since you can put <script> src anywhere on the Internet). Example:
<script> function globalCallback (a) { }
And then you paste the <script> into your other domain, for example:
var jsonp = document.createElement('script'); json.setAttribute('src','http://path.to/my/script'); document.body.appendChild(jsonp); </script>
And in the source of the external script, you should call the globalCallback function with the data you want to pass, for example:
globalCallback({"big":{"phat":"object"}});
And you will get the data you need after running the script!
CSSHttpRequests is a bit more hack, so I never had to use it, but feel free to try it if you don't like JSONP, :).