f0t0n/cross_domain_ajax_post_handler.php

## cross_domain_ajax_post_handler.php
<?php
// domain => apiKey dictionary
$allowedDomains = array(
    'domain-from.com' => 's0m3d0ma1n1d',
);
$host = parse_url($_SERVER['HTTP_ORIGIN'], PHP_URL_HOST);
if(!empty($host)
        && isset($allowedDomains[$host])
        && isset($_POST['apiKey'])
        && $allowedDomains[$host] == $_POST['apiKey']) {
    $headers = array(
        'Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN'],
        'Access-Control-Allow-Methods: POST, GET, OPTIONS',
        'Access-Control-Max-Age: 1000',
        'Access-Control-Allow-Headers: Content-Type',
    );
    foreach($headers as $header) {
        header($header);
    }
}
var_dump($_GET, $_POST);
	<?php
	// domain => apiKey dictionary
	$allowedDomains = array(
	'domain-from.com' => 's0m3d0ma1n1d',
	);
	$host = parse_url($_SERVER['HTTP_ORIGIN'], PHP_URL_HOST);
	if(!empty($host)
	&& isset($allowedDomains[$host])
	&& isset($_POST['apiKey'])
	&& $allowedDomains[$host] == $_POST['apiKey']) {
	$headers = array(
	'Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN'],
	'Access-Control-Allow-Methods: POST, GET, OPTIONS',
	'Access-Control-Max-Age: 1000',
	'Access-Control-Allow-Headers: Content-Type',
	);
	foreach($headers as $header) {
	header($header);
	}
	}
	var_dump($_GET, $_POST);