Solution:
So, after testing a bit more I found that it was actually a pretty silly fix. By changing the header on the server’s script it allowed access to it from a different host.
header('Access-Control-Allow-Origin: *'); // for any host
header('Access-Control-Allow-Origin: myhost.com'); // specific host