Same Origin Policy
Requests made with XHR (XMLHttpRequest), jQuery, and the Fetch API have to follow the same-origin policy, meaning that the request cannot be made for a resource living on a host other than the one serving the original request.
The same-origin policy is an important concept in the web application security model.
The same-origin security restriction is enforced by all browsers and protects your browser from third-party JavaScript (XSS).
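Browsers compare the full origin, which is the scheme, host and port together, so a different scheme or port on the same host also counts as another origin. The following is an added example, not code from the original page; the function names and the example.com URLs are constructed for illustration.

```javascript
// Added example: report whether a request target shares the page's origin,
// and if not, which part of the (scheme, host, port) triple differs.

const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Build the origin triple for an absolute URL, making default ports explicit
// so that https://host and https://host:443 compare as equal.
function originTuple(url) {
  const u = new URL(url);
  return {
    scheme: u.protocol,
    host: u.hostname,
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// Resolve the target against the page URL (so relative paths work),
// then list every origin component that does not match.
function compareOrigins(pageUrl, targetUrl) {
  const page = originTuple(pageUrl);
  const target = originTuple(new URL(targetUrl, pageUrl).href);
  const differs = ["scheme", "host", "port"].filter((k) => page[k] !== target[k]);
  return { sameOrigin: differs.length === 0, differs };
}

// Constructed sample data: one page and the URLs its scripts try to request.
const PAGE = "https://app.example.com/account";
const TARGETS = [
  "/api/profile",                     // relative path, same origin
  "https://app.example.com:443/api",  // explicit default port, same origin
  "http://app.example.com/api",       // scheme (and therefore port) differs
  "https://api.example.com/v1",       // sibling subdomain, host differs
  "https://app.example.com:8443/x",   // same host, port differs
];

for (const t of TARGETS) {
  const r = compareOrigins(PAGE, t);
  const verdict = r.sameOrigin ? "same-origin" : "cross-origin (" + r.differs.join(", ") + ")";
  console.log(t.padEnd(34), verdict);
}
```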
Cross-Site Scripting (XSS)
XSS enables attackers to inject client-side script into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites is a major JavaScript security exploit.