Maybe someone will need this !
Thank's to TonyArra I found the answer:
since the server and the request script was on 2 different domains here is the solution:
add this on server (using laravel i added this code in the constructor of the restful controller):
$http_origin = $_SERVER['HTTP_ORIGIN']; //if you trust origin set header else verify source //if ($http_origin == "http://www.domain1.com") header("Access-Control-Allow-Origin: $http_origin");