Same-origin policy and ways to bypass it

The same-origin policy prevents JavaScript on a page from reading media DOM elements or XHR data fetched from an origin other than the page's own. A site's origin is the combination of its scheme, host name and port number. As a result, certain "cross-domain" requests, notably Ajax requests, are forbidden by default under the same-origin policy.

Solutions

1. JSONP (JSON with Padding) is used to request data from a server residing in a different domain than the client. It can, however, cause cross-site scripting (XSS) issues if the external site is compromised, because the response is executed as a script in the requesting page. Due to these inherent insecurities, JSONP is being replaced by CORS.

2. CORS (Cross-Origin Resource Sharing) is a mechanism that allows restricted resources (e.g. fonts) on a web page to be requested from a domain other than the one from which the first resource was served. For CORS to work, the REST API server must support it by setting the appropriate response headers, notably "Access-Control-Allow-Origin".
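As an added example (not part of the original post), the following Node.js-style helpers contrast a server that reflects any Origin into Access-Control-Allow-Origin with one that checks an explicit allow-list, and mirror the browser's decision on whether the response is readable; the origins listed are constructed placeholders.

```javascript
// Added example: how a server chooses the Access-Control-Allow-Origin (ACAO)
// header, and how the browser then decides whether cross-origin JavaScript
// may read the response. Allow-list entries are constructed samples.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Weak: echoes any Origin and also allows credentials, so any site can read
// authenticated API responses on behalf of a logged-in user.
function corsHeadersReflecting(requestHeaders) {
  const origin = requestHeaders["origin"];
  if (!origin) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened: exact match against an allow-list. An unknown or look-alike
// Origin gets no ACAO header, so the browser blocks the read.
// "Vary: Origin" stops caches serving one origin's answer to another.
function corsHeadersAllowList(requestHeaders, allowed = ALLOWED_ORIGINS) {
  const origin = requestHeaders["origin"];
  if (!origin || !allowed.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
}

// Browser-side rule: readable only if ACAO is "*" (and no credentials were
// sent) or exactly equals the requesting origin (plus ACAC for credentials).
function browserAllowsRead(origin, responseHeaders, withCredentials) {
  const acao = responseHeaders["Access-Control-Allow-Origin"];
  if (acao === undefined) return false;
  if (acao === "*") return !withCredentials;
  if (acao !== origin) return false;
  return !withCredentials ||
    responseHeaders["Access-Control-Allow-Credentials"] === "true";
}
```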

For more details, refer to Stack Overflow.