Some browser like Chrome and Safari doesn't allow cross-origin request because users have to respect the same origin security policy. But which are the real risk allowing this? I mean, what kind of attack an hacker would be able to do without the same-origin-security-policy?
Well actually all browsers comply with the same-origin policy. The reason for it is that if the policy didn't apply, upon visiting evil site, that site would essentially control your browser, could take use of any active sessions and cookies etc. You would be able to make ajax requests to any website the person is logged in using his session and perform virtually any task you'd like. You could also make requests to different ports, which again could be abused, used to make zombies, and hundreds other things more creative people would think off...
Essentially the integrity of all your session would be gone upon visiting a any site.
I would suggest reading this for a detailed explanation of the issue.