Originally Posted by Philip M
You cannot upload files to your pages which reside on someone else's domain.
The Same Origin Policy limits any AJAX XMLHTTPRequest browser call to URLs on the same server from which the host page was loaded. This means that it is impossible to make any kind of AJAX-style request to a different site than the one from which the page was loaded.
actually, that's not true. for old browser support, forms are typically used for file uploads, not ajax. Form can point to any url anywhere. the only "restriction" is a warning when submitting to a non-https site from an https site.
in newer browsers, we can use ajax in conjunction with the new FormData() constructor to upload binary files. If the server resides on a different domain, it must opt-in for x-domain ajax2 uploads by specifying POST on the cors's allow, and * on the cors's allow-origin.
cors can be performed on any browser newer than IE7, which at my work's site is 96% of all visitors...
EDIT: to be fair, that includes IOS, which has no files to upload...