CORS error while accessing endpoint from S3 static website

Question

I am calling my rest endpoint from aws s3 static website and getting below CORS error

Access to fetch at 'http://[my-public-ip]:5225/user/1' 
from origin 'http://[my-bucket].s3-website-us-east-1.amazonaws.com' 
has been blocked by CORS policy: The request client is not a secure context 
and the resource is in more-private address space `private`.

I have below code in my springboot for allowing cors, also i tried various other combinations like allowedOrigins, allowedMethods but none of them working

@Override
public void addCorsMappings( CorsRegistry registry ) {
  registry.addMapping( "/**" );
}

Also i tried adding cors setting in s3

[
    {
        "AllowedHeaders": [
            "Authorization"
        ],
        "AllowedMethods": [
            "GET",
            "HEAD"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": [
            "Access-Control-Allow-Origin"
        ]
    }
]

am i missing something?

Answer 1

I found the solution. The issue was only with chrome browser. S3 static endpoint was on http and springboot backend application was on https.

I created a cloudfront distribution for my s3 static website and now since both are on https i am not getting the error.