HTML Form POST Cross Domain

Question

I have a very simple HTML form that uses POST and its action calls a PHP script on my web server.

Here is the kicker... the html that contains the form isn\'t host

Answer 1

If you're only experiencing the issue in IE, their XSS filter may be to blame. This article provides details for disabling it.

To avoid this problem entirely, try posting your form to a PHP script on your server, and in that script, create a cURL session that posts the form to the other script. The XSS transaction occurs independently of the client's web browser, averting these browser-based security restrictions in the process.