Hi there,

Does anyone know anything about how to make ajax calls which aren't broken by the same origin browser security policy. Please post if you do, my problem is outlined below:

I have my site live but developed it locally.

It is an e-commerce CMS which loads index.php which then loads in all of the modular sections of the store using the system engine.

This is my cross-origin-related problem.

A product search filter throws the error - access is denied when using it to AJAX call a script relative to the root of THE SAME DOMAIN.

All of this functionality works flawlessly on my local copy, it is only the live version which has this bug and after days of this issue I began to strip the system down One or two browsers, Chrome and versions of IE complain about: Origin http://mydomain.com is not allowed by Access-Control-Allow-Origin.

This is definitely a CORS security issue so the only code that is relevant is the AJAX which I have checked and checked.

I have an ssl certificate installed and a dedicated ip I am convinced that it has something to do with the browser getting the wrong idea about the path below being somehow outside of the domain associated with the dedicated ip but as far as I can see there is nothing cross-domain being called?

$.ajax({ url: 'index.php?route=module/banners/FindYourDeal',
data: {"tariff_type": tariff, "brand": brand},
dataType: "json",
type: 'post',
success: function(output) {
// do something

I have already tried all of the following:

1. Using an absolute url breaks firefox but works in IE but the relative version above doesn't work in Chrome or IE 8,9,10
2. Using JsonP but I really don't know if I got that right so I'm open to trying that again.
3. Using the dedicated IP address in an absolute path - didn't work at all.
4. I created a cross-domain.xml file but this seems to do nothing but again I don't know much about it.
5. Writing things in the .ht_access file - unfortunately my apache knowledge is very patchy so any suggestions here would be helpful.
6. Trying to set cross-origin permissions in php headers - I felt even less comfortable doing this as the CMS is complex and as the ajax call is inside of one of the modules, I am unsure of at which point during the loading process to insert these headers.
7. Using the crossDomain: true parameter which does nothing.

Your help would be much appreciated

best regards