I've tested the following workaround in Chrome which seems to resolve it
- Open Chrome
- In the address bar type chrome://flags/
- In the search box in that page type CORS
- Under Block insecure private network requests change from Default to Disabled
- Click Relaunch at the bottom right
My understanding is that this would not be an issue if http://ai2.appinventor.mit.edu/ was an HTTPS site so hopefully that is fixed at some point