I have Grafana set up in a Docker container (grafana/grafana image from Docker repo) with port 3000 forwarded to my localhost. My docker-compose.yml below:

version: '2.1'
services:
  grafana:
    image: grafana/grafana
    ports:
      - 3000:3000

Originally I also have link to Graphite and some volumes and environment configuration (GF_SECURITY_ADMIN_PASSWORD only) but I suppose it does not matter.

I can get a response from Grafana via simple curl call:

$ curl http://localhost:3000
<a href="/login">Found</a>.

But when I am trying to get it via AJAX call, it gives me a weird result:

$.ajax({url: 'http://localhost:3000', beforeSend: function(xhr, settings) {alert('before setting header'); xhr.setRequestHeader('Access-Control-Allow-Origin', '*'); alert('after setting header');}});
[many JSON fields]
responseText:""
[many JSON fields]
statusText: "error"
[many JSON fields]

Alerts says that header is set to accept requests from any origin.

The same happens (curl works but ajax not) when I am calling Docker container address directly.

What happens in the background? Why the second request does not work? How can I get response from Grafana via AJAX call?

The issue is the by default CORS is not enabled on grafana. A curl request doesn't check for CORS but a browser does. It is what protect one site to call API of other sites.

So your solution would be to put a reverse nginx proxy in front of Grafana. Below is the docker-compose.yml for the same

version: '2.1'
services:
  grafana:
    image: grafana/grafana
  nginx:
    image: nginx
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
    ports:
      - "3000:80"

And below nginx config will add CORS to it, but it is very open would allow everyone access

events {
    worker_connections  1024;
}

http {
#
# Acts as a nginx HTTPS proxy server
# enabling CORS only to domains matched by regex
# /https?://.*\.mckinsey\.com(:[0-9]+)?)/
#
# Based on:
# * http://blog.themillhousegroup.com/2013/05/nginx-as-cors-enabled-https-proxy.html
# * http://enable-cors.org/server_nginx.html
#
server {
  listen 80;

  location / {
    #if ($http_origin ~* (https?://.*\.tarunlalwani\.com(:[0-9]+)?$)) {
    #   set $cors "1";
    #}
    set $cors "1";

    # OPTIONS indicates a CORS pre-flight request
    if ($request_method = 'OPTIONS') {
       set $cors "${cors}o";
    }

    # Append CORS headers to any request from
    # allowed CORS domain, except OPTIONS
    if ($cors = "1") {
       add_header Access-Control-Allow-Origin $http_origin always;
       add_header Access-Control-Allow-Credentials  true always;
       proxy_pass      http://grafana:3000;
    }

    # OPTIONS (pre-flight) request from allowed
    # CORS domain. return response directly
    if ($cors = "1o") {
       add_header 'Access-Control-Allow-Origin' '$http_origin' always;
       add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
       add_header 'Access-Control-Allow-Credentials' 'true' always;
       add_header 'Access-Control-Allow-Headers' 'Origin,Content-Type,Accept' always;
       add_header Content-Length 0;
       add_header Content-Type text/plain;
       return 204;
    }

    # Requests from non-allowed CORS domains
       proxy_pass      http://grafana:3000;
  }
}

}

Also for test you should not use

 xhr.setRequestHeader('Access-Control-Allow-Origin', '*');

Remove that and test and it should work