If you use the Chrome browser to access the page, try adding the following flag to the command used to start Chrome.
--disable-web-security
You will need to shut down all instances of Chrome before this takes effect including the Chrome Notification icon (bottom right bar in Windows).
When Chrome starts up it should notify you that the flag is in effect.
At this point cross origin checking is turned off.
You can use this to verify that this is the problem you are having.
If your backend supports it and you are using datajs for your OData calls, you can try adding
OData.defaultHttpClient.enableJsonpCallback=true;