Looks like you are using Service Worker(?) or something similar somewhere in your code.
I may be missing something, but last time i checked similar setup it only accepted HTTP with localhost IP (
127.0.0.1). For anything else TLS was required.
So either set up TLS or run IPFS API on the same hostname&port as your app (can be done with reverse proxy such as Nginx).
Keep in mind that exposing API port to the public internet is a huge security risk. Anyone can upload or pin anything to your node. It is generally a better idea to hide API by tying it to localhost and orchestrating it via custom backend code that provides authorization etc.