add these lines in your application controller it will allow cross domain requests but for security you can define your domain
before_filter :allow_ajax_request_from_other_domains
def allow_ajax_request_from_other_domains
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Request-Method'] = '*'
headers['Access-Control-Allow-Headers'] = '*'
end