cors - Why does my JavaScript get a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error when Postman does not? -

i trying authorization using javascript connecting restful api built in flask. however, when make request, following error:

xmlhttprequest cannot load http://myapiurl/login. no 'access-control-allow-origin' header present on requested resource. origin 'null' therefore not allowed access.

i know api or remote resource must set header, why did work when made request via chrome extension postman?

this request code:

$.ajax({     type: "post",     datatype: 'text',     url: api,     username: 'user',     password: 'pass',     crossdomain : true,     xhrfields: {         withcredentials: true     } })     .done(function( data ) {         console.log("done");     })     .fail( function(xhr, textstatus, errorthrown) {         alert(xhr.responsetext);         alert(textstatus);     }); 

if understood right doing xmlhttprequest different domain page on. browser blocking allows request in same origin security reasons. need different when want cross-domain request. tutorial how achieve using cors.

when using postman not restricted policy. quoted cross-origin xmlhttprequest:

regular web pages can use xmlhttprequest object send , receive data remote servers, they're limited same origin policy. extensions aren't limited. extension can talk remote servers outside of origin, long first requests cross-origin permissions.