node.js - Cross-Origin Request Blocked:(Reason: CORS request failed) in backbone.js app deployed to heroku -

i have built backbone.js based app , deployed heroku @ link(https://prototypeapp.herokuapp.com) face strange issue: when request app in browser,the part of code related backbone.js doesn't work , web console of firefoxe browser display following error: " cross-origin request blocked: same origin policy disallows reading remote resource @ https://localhost:8080/timeline. (reason: cors request failed)." despite app working locally. have read problem nothing me solve it. me know reason of problem , how fix ?? server.js code follows:

/** * simple api hosted under localhost:8080 */ var express = require('express'); var app = express();  var twit = require('twit')  var client = null;   function connecttotwitter(){  client = new twit({   consumer_key:         '*******' , consumer_secret:      '*******' , access_token:         '*******' , access_token_secret:  '*******' }); }  //get app connect twitter.  connecttotwitter();  app.set('port', (process.env.port || 8080));   /**     * account settings user id provided.   **/  app.get('/profile/:id', function(request, response){   response.header('access-control-allow-origin', '*');    client.get('users/show', {screen_name:request.params.id},   function (err, reply) {    if(err){     console.log('error: ' + err);     response.send(404);    }   if(reply){    // console.log('reply: ' + reply);     response.json(reply);   }    }); });    /**  * runs search given query    **/  app.get('/search/:query', function (request, response) {  response.header('access-control-allow-origin', '*');  //search term  var searchterm = request.params.query;  client.get('search/tweets', { q: searchterm, count: 20 }, function(err, reply) {    if(err){     console.log('error: ' + err);     response.send(404);    }   if(reply){    // console.log('reply: ' + reply);     response.json(reply);   }    });  });  /**  * returns twitter timeline current user   **/  app.get('/timeline', function (request, response) {    response.header('access-control-allow-origin', '*');   client.get('statuses/home_timeline', { count:6 },  function (err, reply) {    if(err){     console.log('error: ' + err);     response.send(404);    }   if(reply){  //   console.log('reply: ' + reply);     response.json(reply);   }   });  });   var allowcrossdomain = function(req, response, next) {  response.header('access-control-allow-origin', "*");  response.header('access-control-allow-methods',   'options, get,put,post,delete');  response.header('access-control-allow-headers', 'content-type,  authorization, content-length, x-requested-with');    if ('options' == req.method) {     response.send(200);   }   else {    next();  }  };   app.configure(function() {  app.use(allowcrossdomain); //parses json object given in body request app.use(express.bodyparser()); app.use(express.methodoverride()); app.use(app.router); app.use(express.static('client')); app.use(express.errorhandler({ dumpexceptions: true, showstack: true }));   });  //start server app.listen(app.get('port'), function() { console.log('node app running on port', app.get('port')); }); 

my timeline collection follows:

 define(['backbone', 'app/model/tweet'], function(backbone, tweet) {  var com = com || {}; com.apress = com.apress || {}; com.apress.collection = com.apress.collection || {};   com.apress.collection.timeline = backbone.collection.extend({  //the model collection uses model: tweet,  //the server side url connect collection url: 'https://localhost:8080/timeline',  initialize: function(options){     //anything defined on construction goes here },    });  return com.apress.collection.timeline;  });  

localhost means, essentially, 'my own computer.' you're running web server on internet - not computer - connecting url: 'https://localhost:8080/timeline' doesn't make sense. it's better use relative url /timeline.