Index: core/kernel/application.php
===================================================================
--- core/kernel/application.php
+++ core/kernel/application.php
@@ -1826,10 +1826,10 @@
 			if ( !$base_url ) {
 				$ssl_url = $this->siteDomainField('SSLUrl');
 				$base_url = $ssl_url !== false ? $ssl_url : $this->ConfigValue('SSL_URL');
-			}
+		}
 
 			return rtrim($base_url, '/') . $prefix . '/';
-		}
+	}
 
 		// going from https:// to http://
 		$domain = $this->siteDomainField('DomainName');
@@ -1911,8 +1911,8 @@
 				return;
 			}
 			else {
-				if ( $this->GetVar('ajax') == 'yes' && $t != $this->GetVar('t') ) {
-					// redirection to other then current template during ajax request
+				if ( $this->GetVar('ajax') == 'yes' && ($t != $this->GetVar('t') || !$this->isSOPSafe($location, $t)) ) {
+					// redirection to other then current template during ajax request OR SOP violation
 					kUtil::safeDefine('DBG_SKIP_REPORTING', 1);
 					echo '#redirect#' . $location;
 				}
@@ -1944,6 +1944,34 @@
 
 		ob_end_flush();
 		exit;
+	}
+
+	/**
+	 * Determines if real redirect should be made within AJAX request.
+	 *
+	 * @param string $url      Location.
+	 * @param string $template Template.
+	 *
+	 * @return boolean
+	 * @link   http://en.wikipedia.org/wiki/Same-origin_policy
+	 */
+	protected function isSOPSafe($url, $template)
+	{
+		$parsed_url = parse_url($url);
+
+		if ( $parsed_url['scheme'] . '://' != PROTOCOL ) {
+			return false;
+		}
+
+		if ( $parsed_url['host'] != SERVER_NAME ) {
+			return false;
+		}
+
+		if ( defined('PORT') && isset($parsed_url['port']) && $parsed_url['port'] != PORT ) {
+			return false;
+		}
+
+		return true;
 	}
 
 	/**