Is http://api.xxx.com/ part of your domain? If not, you are being blocked by the same origin policy.
You may want to check out the following Stack Overflow post for a few possible workarounds:
More Related Contents:
- How can I upload files asynchronously with jQuery?
- No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘…’ is therefore not allowed access
- Add a “hook” to all AJAX requests on a page
- Upload file with Ajax XMLHttpRequest
- Why am I seeing an “origin is not allowed by Access-Control-Allow-Origin” error here? [duplicate]
- HTTP HEAD Request in Javascript/Ajax?
- Prevent redirection of Xmlhttprequest
- Why am I seeing an “origin is not allowed by Access-Control-Allow-Origin” error here? [duplicate]
- What do the different readystates in XMLHttpRequest mean, and how can I use them?
- Show a progress bar for downloading files using XHR2/AJAX
- WebKit “Refused to set unsafe header ‘content-length'”
- How to get response url in XMLHttpRequest?
- Fetch API vs XMLHttpRequest
- Intercept fetch() API requests and responses in JavaScript
- Cross-site XMLHttpRequest
- How can I modify the XMLHttpRequest responsetext received by another function?
- XMLHttpRequest to Post HTML Form
- Get HTML code using JavaScript with a URL
- Is it possible for XHR HEAD requests to not follow redirects (301 302)
- Cross-Origin XMLHttpRequest in chrome extensions
- How to Detect Cross Origin (CORS) Error vs. Other Types of Errors for XMLHttpRequest() in Javascript
- Ajax – 500 Internal Server Error
- responseXML always null
- Microsoft Edge blocked cross-domain requests sent to IPs in same private network CIDR
- Reuse XMLHttpRequest object or create a new one?
- Opinion about synchronous requests in web workers
- Differentiating Between an AJAX Call / Browser Request
- Adding X-CSRF-Token header globally to all instances of XMLHttpRequest();
- XmlHttpRequest.responseText while loading (readyState==3) in Chrome
- XMLHttpRequest testing in Jest