Learning is a very tight journey that never ends. Recently I faced an error never met before, on accessing a resource on a different domain via HTTP.
The error was about a browser block because of a missing header in the response, so digging about this thing I came up with its explanation, that you can find here .
This involves CORS (Cross-Origin Resource Sharing) and it restricts access to resource on the server, if they are made from scripts in different domains, for security reasons.
So if you are building an API and you want to consume it from a different domain, you must place an additional header in the response to allow the browser to get the data.
Fairly simple you should put
header('Access-Control-Allow-Origin', '*') in your response headers, and replace
* with the domain(s) you want to allow, if you want to enable only a few domains (
* means anyone can access it).