Script in Question: http://samples.geekality.net/image-fetcher/
I used part of this script to extract images on a site of mine from another on separate domains and servers. I had to go to the one being scraped and add a CORS header "Access-Control-Allow-Origin" to allow my specific domain to do the AJAX $ .post and actually receive data.
The script above does not require any site to have the CORS header for security. As far as I can tell I’m doing nothing different.
I have an HTML form then I’m grabbing the field data with jQuery and doing a $ .post where the action is a PHP file that uses DomDocument to grab the HTML. The PHP then sorts through the data and echoes a JSON object. Then the jQuery sorts it all out and displays it on the page. Same thing they’re doing.
I can’t see how they’re getting around the need for a "Access-Control-Allow-Origin" header on the site they’re grabbing images from?
Thanks for your time and energy in this!