JS cross-origin post parameters and control the current page display

AJAX can post parameters, but cannot cross-Origin
Use the src attribute of the script tag. the src attribute of the image object can be cross-origin, but only get parameters can be used.
There are only two methods to use JS cross-origin:
1.Local Domain proxy: Ajax sends a post parameter to a file in the current domain. The file then interacts with files in other domains.
2.IFRAME: JS dynamically generates a hidden IFRAME, inserts a form in this IFRAME, uses js to submit the form to a file in another domain, receives the submitted file, and outputs Js, use parent in JS to operate the DOM object of the current page
Recently, a voting system has a question bank that can call this question bank in other systems and present these questions to users. These questions include single choice, multiple choice, and question answering. When other systems submit the voting results to the voting system, because the two systems may not be in the same domain, cross-origin submission is required because the answer to the question may be long, the URL length is exceeded, so the POST method is used. To enable cross-origin post submission to be performed without user perception, JS is required. JS cross-origin post submission, including local domain proxy and IFRAME. The method of proxy in this domain is complicated to implement. If the voting interface system is changed, you need to write proxy in the new system. IFRAME methods have good reusability. However, the construction process of the post parameter is completely visible, and hackers may initiate attacks by submitting the parameter cyclically.