Are you sure it’s being blocked because of CORS issues and not mixed content issues?
Many modern browsers have started blocking Mixed Content – in other words, they won’t let you embed HTTP content in an HTTPS site (unless you specifically flag it as enabled).
If you’re sure it’s a CORS issue, can you share some more details on what you’re trying so I can better understand?