@Peter Debik I am having the same issue.
Here is a simple example file in my Plesk installation: https://brave-elion.20-100-198-70.plesk.page/jsontest.php
As you can see Access-Control-Allow-Origin header is set to * when this file is served normally. However, if I use the URL in a XHR...