Wait wait WAIT! It is much more complicated than that.
You can make XHR (aka ajax) requests only if the CORS policy allows it (concretely, this local web server you are trying to access is answering with a specific HTTP header saying "I authorize the website xyz.com to send XHR request to me via the web browser of the client of xyz.com).
Now for everything outside of XHR(ajax), you can send different type of requests :
<script src="..."></script> but this let you only load js files.
<img src="..." /> but this lets you only load images, you can't really do much other than try to load images with that.
So if you get into the detail of each "web api" (XHR, <img/>, <script/>, etc) you will see that you are actually very limited.
You can make XHR (aka ajax) requests only if the CORS policy allows it (concretely, this local web server you are trying to access is answering with a specific HTTP header saying "I authorize the website xyz.com to send XHR request to me via the web browser of the client of xyz.com).
Now for everything outside of XHR(ajax), you can send different type of requests : <script src="..."></script> but this let you only load js files. <img src="..." /> but this lets you only load images, you can't really do much other than try to load images with that.
So if you get into the detail of each "web api" (XHR, <img/>, <script/>, etc) you will see that you are actually very limited.