diff --git a/app/Http/Controllers/OnlinePaymentController.php b/app/Http/Controllers/OnlinePaymentController.php
index 96ed44a0d277..9884b51401fb 100644
--- a/app/Http/Controllers/OnlinePaymentController.php
+++ b/app/Http/Controllers/OnlinePaymentController.php
@@ -360,9 +360,15 @@ class OnlinePaymentController extends BaseController
 }
 if ($gatewayTypeAlias) {
- return redirect()->to($invitation->getLink('payment') . "/{$gatewayTypeAlias}");
+ $link = $invitation->getLink('payment') . "/{$gatewayTypeAlias}";
 } else {
- return redirect()->to($invitation->getLink());
+ $link = $invitation->getLink();
+ }
+
+ if (filter_var(Input::get('return_link'), FILTER_VALIDATE_BOOLEAN)) {
+ return $link;
+ } else {
+ return redirect()->to($link);
 }
 }
 }
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 995fc8298d40..e508f8d0c551 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -1,7 +1,7 @@ 'App\Http\Middleware\PermissionsRequired',
 'guest' => 'App\Http\Middleware\RedirectIfAuthenticated',
 'api' => 'App\Http\Middleware\ApiCheck',
- 'cors' => '\App\Http\Middleware\Cors',
+ 'cors' => '\Barryvdh\Cors\HandleCors',
 ];
 }
diff --git a/app/Http/Middleware/Cors.php b/app/Http/Middleware/Cors.php
deleted file mode 100644
index f7248cdd42ab..000000000000
--- a/app/Http/Middleware/Cors.php
+++ /dev/null
@@ -1,22 +0,0 @@ -header('Access-Control-Allow-Origin', '*')
- ->header('Access-Control-Allow-Methods', 'GET, POST');
- }
-}
diff --git a/app/Http/Requests/SaveClientPortalSettings.php b/app/Http/Requests/SaveClientPortalSettings.php
index 7886722ae2f6..7912c0df45da 100644
--- a/app/Http/Requests/SaveClientPortalSettings.php
+++ b/app/Http/Requests/SaveClientPortalSettings.php
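Review bot: In OnlinePaymentController, the new `return_link` branch returns the bare `$link` string, so the same action now answers with either a redirect or an unlabelled body depending on a parameter the caller controls. Laravel sends a returned string as `text/html` by default; giving it an explicit type, e.g. `return response($link)->header('Content-Type', 'text/plain');`, keeps a browser from ever rendering it as markup. The invitation link appears to act as a bearer URL, and this commit also opens the `cors` alias to any origin, so it is worth confirming that every route reaching this branch is meant to hand that link to cross-origin scripts. The `else` after `return $link;` is redundant, and the method starts outside this hunk.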
@@ -41,17 +41,19 @@ class SaveClientPortalSettings extends Request
 $input['client_view_css'] = HTMLUtils::sanitize($this->client_view_css);
 }
- if ($this->custom_link == 'subdomain') {
- $subdomain = substr(strtolower($input['subdomain']), 0, MAX_SUBDOMAIN_LENGTH);
- $input['subdomain'] = preg_replace('/[^a-zA-Z0-9_\-\.]/', '', $subdomain);
- $input['iframe_url'] = null;
- } else {
- $iframeURL = substr(strtolower($input['iframe_url']), 0, MAX_IFRAME_URL_LENGTH);
- $iframeURL = preg_replace('/[^a-zA-Z0-9_\-\:\/\.]/', '', $iframeURL);
- $input['iframe_url'] = rtrim($iframeURL, '/');
- $input['subdomain'] = null;
+ if (Utils::isNinja()) {
+ if ($this->custom_link == 'subdomain') {
+ $subdomain = substr(strtolower($input['subdomain']), 0, MAX_SUBDOMAIN_LENGTH);
+ $input['subdomain'] = preg_replace('/[^a-zA-Z0-9_\-\.]/', '', $subdomain);
+ $input['iframe_url'] = null;
+ } else {
+ $iframeURL = substr(strtolower($input['iframe_url']), 0, MAX_IFRAME_URL_LENGTH);
+ $iframeURL = preg_replace('/[^a-zA-Z0-9_\-\:\/\.]/', '', $iframeURL);
+ $input['iframe_url'] = rtrim($iframeURL, '/');
+ $input['subdomain'] = null;
+ }
 }
-
+
 $this->replace($input);
 return $this->all();
diff --git a/composer.json b/composer.json
index 40ef6d8fe008..8bc97fb2ceab 100644
--- a/composer.json
+++ b/composer.json
@@ -82,7 +82,8 @@
 "predis/predis": "^1.1",
 "nwidart/laravel-modules": "^1.14",
 "jonnyw/php-phantomjs": "4.*",
- "collizo4sky/omnipay-wepay": "^1.3"
+ "collizo4sky/omnipay-wepay": "^1.3",
+ "barryvdh/laravel-cors": "^0.9.1"
 },
 "require-dev": {
 "phpunit/phpunit": "~4.0",
diff --git a/composer.lock b/composer.lock
index fe938d6cc724..61d431d4a57d 100644
--- a/composer.lock
+++ b/composer.lock
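Review bot: In SaveClientPortalSettings, moving the whole normalisation block inside `if (Utils::isNinja())` means a self-hosted install passes `subdomain` and `iframe_url` through `$this->replace($input)` exactly as submitted: no length cap, no character filter, and neither field is nulled. Whether those fields are persisted or rendered on self-hosted installs is not visible in this hunk and needs confirming. If they are unused there, drop them explicitly with `} else { unset($input['subdomain'], $input['iframe_url']); }`; if `iframe_url` is used, keep its sanitisation outside the guard. The moved lines also keep the loose `==` on `custom_link`, where `===` would be the safer comparison. The enclosing method starts before the hunk.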
@@ -4,8 +4,8 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "hash": "16c087062022dc367fa7c330cb8f1bea", - "content-hash": "154f02784a3e9bb390f10ec0f23068e4", + "hash": "5c6d080c3a38d42e07ab70bf32760976", + "content-hash": "dcf4534113b5e62eb3f1fa6b453c82be", "packages": [ { "name": "agmscode/omnipay-agms", @@ -445,6 +445,64 @@ ], "time": "2017-01-13 14:52:38" }, + { + "name": "barryvdh/laravel-cors", + "version": "v0.9.1", + "source": { + "type": "git", + "url": "https://github.com/barryvdh/laravel-cors.git", + "reference": "9fe3dfb7198ed6df0fca333347e5c9b2db62a2f4" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/barryvdh/laravel-cors/zipball/9fe3dfb7198ed6df0fca333347e5c9b2db62a2f4", + "reference": "9fe3dfb7198ed6df0fca333347e5c9b2db62a2f4", + "shasum": "" + }, + "require": { + "illuminate/support": "5.1.x|5.2.x|5.3.x|5.4.x", + "php": ">=5.5.9", + "symfony/http-foundation": "~2.7|~3.0", + "symfony/http-kernel": "~2.7|~3.0" + }, + "require-dev": { + "orchestra/testbench": "3.x", + "phpunit/phpunit": "^4.8|^5.2" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "0.9-dev", + "dev-develop": "1.0-dev" + } + }, + "autoload": { + "psr-4": { + "Barryvdh\\Cors\\": "src/" + }, + "classmap": [ + "tests" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Barry vd. Heuvel", + "email": "barryvdh@gmail.com" + } + ], + "description": "Adds CORS (Cross-Origin Resource Sharing) headers support in your Laravel application", + "keywords": [ + "api", + "cors", + "crossdomain", + "laravel" + ], + "time": "2017-03-20 15:05:31" + }, { "name": "barryvdh/laravel-debugbar", "version": "v2.3.2", diff --git a/config/app.php b/config/app.php index 66fb04581fc5..5d11d2331ea8 100644 --- a/config/app.php +++ b/config/app.php 
@@ -157,6 +157,7 @@ return [
 'Jaybizzle\LaravelCrawlerDetect\LaravelCrawlerDetectServiceProvider',
 Codedge\Updater\UpdaterServiceProvider::class,
 Nwidart\Modules\LaravelModulesServiceProvider::class,
+ Barryvdh\Cors\ServiceProvider::class,
 /*
 * Application Service Providers...
diff --git a/config/cors.php b/config/cors.php
new file mode 100644
index 000000000000..99ccbfc88ac0
--- /dev/null
+++ b/config/cors.php
@@ -0,0 +1,20 @@ + false,
+ 'allowedOrigins' => ['*'],
+ 'allowedHeaders' => ['*'],
+ 'allowedMethods' => ['*'],
+ 'exposedHeaders' => [],
+ 'maxAge' => 0,
+];
+
diff --git a/resources/views/partials/white_label.blade.php b/resources/views/partials/white_label.blade.php
index f08d2fee786e..5bf25e3b168a 100644
--- a/resources/views/partials/white_label.blade.php
+++ b/resources/views/partials/white_label.blade.php
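Review bot: config/cors.php widens what the `cors` alias permits. The deleted middleware sent `Access-Control-Allow-Methods: GET, POST` and, in the lines still visible, no allow-headers list, while the new file sets `allowedOrigins`, `allowedHeaders` and `allowedMethods` all to `['*']`. Any origin can therefore pass preflight for any verb and any custom request header on every route carrying that alias; which routes those are is not visible here. The first key of the file is cut off on this page (the lone `false,` is presumably `supportsCredentials`), and it should stay `false` for as long as the origin list is a wildcard. I would restore the earlier scope with `'allowedMethods' => ['GET', 'POST'],`, list only the request headers the cross-origin callers actually send, and add a comment in the file saying why the origin is left open.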
@@ -84,22 +84,25 @@
 }
 function buyProduct(affiliateKey, productId) {
- window.open('{{ Utils::isNinjaDev() ? '' : NINJA_APP_URL }}/buy_now/?account_key={{ NINJA_LICENSE_ACCOUNT_KEY }}&product_id=' + productId + '&contact_key={{ Auth::user()->primaryAccount()->account_key }}' + '&redirect_url=' + window.location);
+ window.open('{{ Utils::isNinjaDev() ? '' : NINJA_APP_URL }}/buy_now/?account_key={{ NINJA_LICENSE_ACCOUNT_KEY }}&product_id=' + productId + '&contact_key={{ Auth::user()->primaryAccount()->account_key }}' + '&redirect_url=' + window.location.href);
 /*
 var url = '{{ Utils::isNinjaDev() ? '' : NINJA_APP_URL }}/buy_now/';
- var data = {
- 'account_key': '{{ NINJA_LICENSE_ACCOUNT_KEY }}',
- 'contact_key': '{{ Auth::user()->primaryAccount()->account_key }}',
- 'product_id': productId,
- 'redirect_url': window.location,
- 'first_name': '{{ Auth::user()->first_name }}',
- 'last_name': '{{ Auth::user()->last_name }}',
- 'email': '{{ Auth::user()->email }}',
- };
- $.post(url, function (data) {
- var w = window.open();
- w.document.write(data);
- w.document.close();
+ $.ajax({
+ url: url,
+ type: 'POST',
+ data: {
+ 'account_key': '{{ NINJA_LICENSE_ACCOUNT_KEY }}',
+ 'contact_key': '{{ Auth::user()->primaryAccount()->account_key }}',
+ 'product_id': productId,
+ 'first_name': '{{ Auth::user()->first_name }}',
+ 'last_name': '{{ Auth::user()->last_name }}',
+ 'email': '{{ Auth::user()->email }}',
+ 'redirect_url': window.location.href,
+ 'return_link': true,
+ },
+ success: function(response) {
+ openUrl(response, '/white_label')
+ }
 });
 */
 }
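Review bot: In `buyProduct`, `redirect_url` is appended to the query string unencoded: with `'&redirect_url=' + window.location.href`, any `&` or `#` in the current address cuts the value short or adds parameters of its own to the `/buy_now/` request. Wrap it as `'&redirect_url=' + encodeURIComponent(window.location.href)`. Separately, the block inside `/* … */` is still rendered by Blade, so the user's first name, last name and email are written into the page source for code that never runs. A Blade comment (`{{-- … --}}`) or deleting the block avoids emitting them.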