 

HTML Form POST Cross Domain

I have a very simple HTML form that uses POST and its action calls a PHP script on my web server.

Here is the kicker... the HTML that contains the form isn't hosted on the same server and exists in a different domain. Without bogging down this question with explanation, this has to be done for business reasons. They need to exist within these specific domains.

When I submit my form I access the PHP script correctly but then I try and pull out the POST data and it is gone. I'm thinking this is a security problem because I temporarily put the form on the same server as the PHP and it worked fine.

Is there a way that I can get this to work with the two separate domains? Thanks in advance.

Edit:

PHP Code (emailTemplate.php):

<?php
var_dump($_POST);
?>

HTML Form:

<form name="emailForm" id="emailForm" method="post" onsubmit="return beforeSubmit();" action="https://***.***.com/emailTemplate.php">
    <textarea rows="15" cols="75" id="myHtmlText" name="myHtmlText"></textarea>
    <input type="text" id="toAddr" name="toAddr" size="60"/>
    <input type="text" id="fromAddr" name="fromAddr" size="60"/>
    <input type="text" id="subjectLine" name="subjectLine" size="60"/>
    <input type="submit" name="Submit" value="Email Letter">
</form>
jcmitch asked Dec 13 '11 23:12



1 Answer

If you're only experiencing the issue in IE, their XSS filter may be to blame. This article provides details for disabling it.

To avoid this problem entirely, try posting your form to a PHP script on your server, and in that script, create a cURL session that posts the form to the other script. The XSS transaction occurs independently of the client's web browser, averting these browser-based security restrictions in the process.

Aaron answered Oct 05 '22 05:10
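
The server-side relay suggested in the answer, as an added example that is not code from the question or the answer: a script on the form's own host accepts only the four fields from the form above, validates them, and forwards them with cURL to one fixed destination. The file name relay.php, the function names and the destination host are assumptions; the host is a placeholder because the page elides the real one.

```php
<?php
// relay.php: added example, served from the same origin as the HTML form.
// DEST_URL is a placeholder; the page elides the real host name.
const DEST_URL = 'https://backend.example.invalid/emailTemplate.php';
const FIELDS = ['myHtmlText', 'toAddr', 'fromAddr', 'subjectLine'];

// Return only the expected fields, or null if any fails validation.
function build_payload(array $post): ?array
{
    $out = [];
    foreach (FIELDS as $name) {
        if (!isset($post[$name]) || !is_string($post[$name])) {
            return null;
        }
        $out[$name] = $post[$name];
    }
    foreach (['toAddr', 'fromAddr'] as $name) {
        if (filter_var($out[$name], FILTER_VALIDATE_EMAIL) === false) {
            return null;
        }
    }
    // Reject CR/LF so the subject cannot carry extra mail headers.
    return preg_match('/[\r\n]/', $out['subjectLine']) ? null : $out;
}

// POST the payload to the fixed destination; returns [ok, HTTP status].
function relay(array $payload): array
{
    $ch = curl_init(DEST_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($payload),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false, // never chase redirects to other hosts
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $ok = curl_exec($ch) !== false;
    return [$ok, curl_getinfo($ch, CURLINFO_HTTP_CODE)];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $payload = build_payload($_POST);
    [$ok, $status] = $payload === null ? [false, 400] : relay($payload);
    $sent = $ok && $status === 200;
    http_response_code($payload === null ? 400 : ($sent ? 200 : 502));
    echo $sent ? 'Sent' : 'Not sent';
}
```

Because the destination is a constant rather than a request parameter, the relay cannot be pointed at other hosts; a script that sends mail to caller-supplied addresses still needs its own access control and rate limiting.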