Yes, this is a “problem with same-origin policy”. You are making your request either to a different server or to a different port, meaning that it is a cross-site HTTP request. Here is what the documentation has to say about such requests:
Additionally, for HTTP request methods that can cause side-effects on
server’s data (in particular, for HTTP methods other thanGET
, or for
POST
usage with certain MIME types), the specification mandates that
browsers “preflight” the request, soliciting supported methods from
the server with an HTTPOPTIONS
request method, and then, upon
“approval” from the server, sending the actual request with the actual
HTTP request method.
There is a more detailed description in the CORS standard (“Cross-Origin Request with Preflight” section). Your server needs to allow the OPTIONS
request and send a response with Access-Control-Allow-Origin
, Access-Control-Allow-Headers
and Access-Control-Allow-Methods
headers allowing the request. Then the browser will make the actual POST
request.