Are you using spring-boot?
If I understood correctly you are setting up an endpoint and then calling it in directly in the frontend. I wouldn’t do that as it seems you could be, in a way, renouncing on the framework capabilities and exposing the application to a security risk. You should be able to properly bind the java side to a custom frontend component.
Could you please tell me which is the use case ?