JavaScript

Why doesn't CORS want to work?

We have two sites and one periodically generates events and knocks js to the other. With the transition to https, everything went crazy. I set up everything seems to be correct, but I keep getting "OPTIONS https://www.mdapp.ru/net::ERR_INSECURE_RESPONSE ". I don't even know where to dig and what to do.
Headers given by nginx:

add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

How do I request:

$.ajax({
  type: "GET",
  url: 'https://www.mdapp.ru/',
  crossDomain: false,
  success: function (msg) {
    alert("Прокатило: " + msg);
  }
});

Did I forget to set something?
Thank you.