I managed to find the issue, maybe this is something to add in the docs for people on Rails with a CORS config.
I had to add the following in my config:
# config/initializers/cors.rb
Rails.application.config.middleware.insert_before 0, Rack::Cors do
allow do
# my original config, this can stay there
end
# Used for Forest Admin
allow do
origins 'https://app.forestadmin.com'
resource '/forest/*',
headers: :any,
methods: [:get, :post, :put, :patch, :delete, :options, :head],
credentials: true,
max_age: 1728000
end
end