No. (But I have a real explaination)
The "rules of the road" for "cross-domain requests" are generally governed by the "Same Origin Policy" (see: The W3C Commentary, Wikipedia, Google Browser Security Handbook, Mozilla Developer Network)
The W3C specifically states that:
An origin is defined by the scheme, host, and port of a URL.
According to this definition, even requests from foo.com
to bar.foo.com
would be blocked.
In your example, you suggest that creating a CNAME
for bar.foo.com
which points at bar.com
(I'm assuming you had a typo) should allow requests to bar.com
via bar.foo.com
. But, as I stated above, even requests originating from foo.com
would be blocked on the client side from making HTTP requests to bar.foo.com
.
Mozilla's page even has this specific example:
Mozilla considers two pages to have the same origin if the protocol,
port (if one is specified), and host are the same for both pages. The
following table gives examples of origin comparisons to the URL
http://store.company.com/dir/page.html:
URL | Outcome | Reason
http://store.company.com/dir2/other.html | Success
http://store.company.com/dir/inner/another.html | Success
https://store.company.com/secure.html | Failure | Different protocol
http://store.company.com:81/dir/etc.html | Failure | Different port
http://news.company.com/dir/other.html | Failure | Different host