The error was due to how domains are interpreted. When I was loading the client-side page, I loaded it from 192.168.1.123
, the actual ip address of the server. But it was requesting the server by domain name. Since multiple domains can be on the same server, this (I believe) causes the browser to interpret them as cross-origins and thus rejects it.
When I visited the client page (with the ajax call) at the domain name (http://mysite-example.com
), the ajax call works.
(I can also make it work by adding the header header('Access-Control-Allow-Origin: *');
on the server, but that's not a good idea.)