JavaScript

AJAX cross-domain POST file from JS with tricky restrictions - maybe?

Important clarifications
1) there is no access to the code on the server to which we will post
2) there is no common superdomain, that is, you need to link mysite.com and vk.com
3) you need to get an answer
4) you need to post a file (image)
5) you need cross-browser compatibility , the solution "only for the latest versions of Firefox and Chrome" is not suitable
6) the request must be performed using JavaScript'a ("proxying" the request on our server - as a last resort)

Actually, the task
We are in an IFrame loaded from our server 188.*. *.* to the site vk.com, there is a picture file downloaded from our server, there is a url like "abc.vc.com/upload?...", here you need to upload our file with a POST request to this address.


What I dug up
Googled and dug all day, here are some results (based on the “classification” from here habrahabr.ru/blogs/javascript/120336/ ):

1) postMessage is not cross-browser friendly
2) JSONP, dynamic creation of the script tag, jQueiry.ajax is all just about GET requests
3) CORS - I didn’t quite understand what it is and how it works, but it’s definitely not cross-browser
4) document.domain methods - it only works if there is a common superdomain, it doesn’t fit
5) window.name Transport - I also didn’t quite understand the essence of the method , but the picture cannot be conveyed like that, it seems
6) Server-side proxy - so far this seems to be the only viable option, but I will leave it as a last resort if there is no JS solution
7) CRAZY IFRAME STUFF - a very peculiar hack, but again it seems like a GET request, you can’t post a picture
8) flash - we have a flash drive in the iframe, you can’t post from it, again, because of the security policies - our domain not in "abc.vc.com/crossdomain.xml".
9) easyXDM - not suitable, because there you need access to the code on both servers

. There is a method like this: create a hidden iframe, generate a form and make it submit by specifying this iframe as a target - here, as I understand it, I will not be able to see the answer again due to the difference in domains. Or is that also a solution? Here habrahabr.ru/blogs/development/110506/#habracut does the author seem to have the same task?

In general, so far I see only the option of proxying the request on my server. Well, there is a shaky faith in the hidden iframe. Are there any other options or are such security restrictions not just invented? =)

PS Given the specifics of a particular task (VKontakte application), this option is possible - upload a flash drive to the vk.com server (the address will be something like this: “xxx123.vc.com/qwerty.swf”), load it into an iframe from there and then, when executing the request, theoretically, everything will be ok, because requests from "*.vc.com" are allowed in "abc.vc.com/crossdomain.xml" - also a relatively viable option, but not suitable due to the dependence on VKontakte features, and these developments will still need to be used for other platforms.