Essentially what happens is that the remote resource on domain2.com will have to tell the requestor that it accepts requests from domain1. It's some sort of security policy that browsers are strictly applying for the safety of the users and that's why you are not facing it when you tried https://johns518ycd8.robhasawiki.com/user