Cross-domain policies restrict downloading content from another domain:
http://mysiteA.com <--NO--> http://myothersite.com
But is downloading from the same domain via a different protocol allowed and would it work (can someone test) in everyday web browsers?
http://mysite.com <--?--> https://mysite.com
So you're confused. This is not XSS, but cross domain access - XSS is a security vulnerability where you are echoing user input back into an HTML page without encoding it.
What you are asking about is cross domain access, presumably from Ajax, but perhaps from Silverlight or Flash.
If this is so, the answer is no, because the protocol is different: one site has HTTP, one site has HTTPS. You can only access resources where the protocol, the domain name, and the network port ALL match.
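The three-part match described in the answer above, as an added example that is not part of the original posts: it compares two URLs on protocol, host and effective port and reports which components differ. The function names `originParts` and `compareOrigins` are hypothetical, and the `:8080` URL is a constructed sample.

```javascript
// Added example: same-origin comparison on protocol, host and port.
// Default ports are filled in so that http://host and http://host:80 compare equal.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

function originParts(url) {
  const u = new URL(url); // throws on a malformed URL
  return {
    protocol: u.protocol,                      // e.g. "http:" or "https:"
    host: u.hostname.toLowerCase(),            // host names are case-insensitive
    // URL.port is "" when the scheme's default port is in use
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

function compareOrigins(a, b) {
  const pa = originParts(a);
  const pb = originParts(b);
  // Collect every component that does not match; all three must match.
  const mismatches = ["protocol", "host", "port"].filter((k) => pa[k] !== pb[k]);
  return { sameOrigin: mismatches.length === 0, mismatches };
}

// Constructed sample pairs, using the host names from the question.
const samples = [
  ["http://mysiteA.com/", "http://myothersite.com/"], // different host
  ["http://mysite.com/", "https://mysite.com/"],      // different protocol (and so port)
  ["http://mysite.com/a", "http://mysite.com:80/b"],  // same origin, explicit default port
  ["http://mysite.com/", "http://mysite.com:8080/"],  // different port only
];

for (const [a, b] of samples) {
  const r = compareOrigins(a, b);
  const detail = r.sameOrigin ? "same origin" : "differs in " + r.mismatches.join(", ");
  console.log(`${a}  vs  ${b}  ->  ${detail}`);
}
```

Switching from HTTP to HTTPS changes the default port as well as the protocol, so that pair fails on two of the three components.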