Origin null
is the local file system, so that suggests that you’re loading the HTML page that does the load
call via a file:///
URL (e.g., just double-clicking it in a local file browser or similar).
Most browsers apply the Same Origin Policy to local files by disallowing even loading files from the same directory as the document. (It used to be that Firefox allowed the same directory and subdirectories, but not any longer.
Basically, using ajax with local resources doesn’t work.
If you’re just testing something locally that you’ll really be deploying to the web, rather than use local files, install a simple web server and test via http://
URLs instead. That gives you a much more accurate security picture. Your IDE may well have some kind of server built in (directly or via an extension) that lets you just hit “run” in the IDE and have the server fired up and serving the file.