Hi I'm in the process of authenticating a user via OAuth 2.0 and I'm getting a Access-Control-Allow-Origin error (XMLHttpRequest cannot load https://www.box.com/api/oauth2/token. Origin http://localhost is not allowed by Access-Control-Allow-Origin.) when making the following POST request:

var xhr=new XMLHttpRequest();
xhr.open('POST',path,true);
xhr.setRequestHeader("Content-type","application/x-www-form-urlencoded");
xhr.onload = function() {
    var text = xhr.responseText;
    alert('Response from request to ' + path + ': ' + text);
};
xhr.onerror = function() {
    alert('Woops, there was an error making the request.');
};
xhr.send(params);

Any help would be greatly appreciated! I've looked into CORS, JSONP, and adding callback=? to the url but nothing I've tried is working.

http://developers.box.com/docs/

The Box API supports CORS on an app-by-app basis. If you’re building an application that needs CORS, please contact us with a description of your use case.

The other way to do this is to use YQL as it is described by their devs in the FAQ.