What you are suggesting violates the same-origin policy. http://en.wikipedia.org/wiki/Same-origin_policy
However, it was suggested here (http://community.developer.authorize.net/t5/Integration-and-Testing/DPM-via-AJAX/td-p/26832) that you could hide the request in an iframe to avoid those issues.
I'm ashamed to recommend IFrames as a solution to anything. Remember, they don't always play nicely with older mobile browsers.