We are making a ajax request (XMLHttpRequest) over https. The browser is Google Chrome and server has a self signed certificate. Once in a while, the request returns a response with readyState = 4 and status = 0. On refreshing the page, everything working fine. Is this a google chrome issue with self signed certificates.

I've come across this before and believe it's related to Access-Control-Allow-Origin. I'd expect it to be a consistent problem rather than something that happens occasionally, though.

Are you serving your frontend and backend on different addresses/ports/vhosts?

Incidentally, here's the portion of my API that handles CORS. It's in Go (with vestigo), but should be easily translateable to whatever platform you're working with:

    if config.CORSEnabled {

        Warning.Println("CORS is enabled, origin:", config.CORSOrigin)

        r.SetGlobalCors(&vestigo.CorsAccessControl{
            AllowOrigin:      []string{"*", config.CORSOrigin},
            AllowHeaders:     []string{"Authorization"},
            AllowCredentials: true,
            MaxAge:           3600 * time.Second,
        })

    }