any ideas that could be happening? cors should not be an issue if hosted in the same domain, isnt it?