MediaWiki version: 1.31.1
More background on this issue here: https://phabricator.wikimedia.org/T207872
ForeignApi always adds the origin parameter, even if the other wiki is on the same domain. The issue is that no Origin header is sent if the remote API is on the same domain, and the request is rejected by MW because the origin parameter and the Origin header must be identical.
For example, I have VisualEditor 0.1.0 (13a585a) set up with the upload dialog configured ($wgForeignFileRepos and $wgForeignUploadTargets). The upload dialog won't load because two API queries (meta=userinfo&uiprop=groups%7Crights and meta=siteinfo&siprop=uploaddialog) specify the origin parameter but contain no Origin header.
If I comment out the bit that adds the origin parameter, I get the first part of the upload dialog to display, but when I select a file and submit it for upload, the POST API query fails because this time, it contains an Origin header (go figure).
So it looks like ForeignApi simply won't work with wikis on the same domain.
For the record, I'm using Chrome 70.0.3538.77 in case this is browser-dependent.