Is there a mechanism for a gadget to specify the x-domain endpoints it wishes to communicate with? I'd expect the gadget render would supply the correct Access-Control CORS headers. Is there a feature for this already? Is this something that we would want in the spec?
This would probably only work for gadgets rendered as iframes... Not sure how it would apply to gadgets rendered inline and added to an already rendered container page.
