Devise-OmniAuth Facebook login stuck with CORS Issue

Question

So I have a fairly bland skeleton Rails application I've been setting up but I'm hard stuck on a CORS issue I can't seem to solve. The CORS result is the following:

Access to fetch at 'https://www.facebook.com/v4.0/dialog/oauth?client_id=<client_id>&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fauth%2Ffacebook%2Fcallback&response_type=code&scope=email&state=511bb14a4b678404f0fc4fc4b52a641439077a27ecd5dac4' (redirected from 'http://localhost:3000/auth/auth/facebook') from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Followed by:

GET https://www.facebook.com/v4.0/dialog/oauth?client_id=<client_id>&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fauth%2Ffacebook%2Fcallback&response_type=code&scope=email&state=638479b154f07d92d9561547b01f9a392d35c523fe8e4776 net::ERR_FAILED

I only have started a Rails 6 with Postgres, added Devise, and then added the OmniAuth-Facebook gem. To try and work around this I've ensured the link I'm using to prompt Facebook login is a post. I've tried both URL link and button. I'm not doing this vis JS, just normal ERB templating:

  <%#= button_to "Sign in with Facebook", user_facebook_omniauth_authorize_path %>
  <%= link_to "Sign in with Facebook", user_facebook_omniauth_authorize_path, method: :post %>

Then I kept looking around and found people saying rack-cors solved it for others, but not for me. My config is as follows:

Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins '*'
    resource '*',
             :headers => :any,
             :methods => [:get, :post, :delete, :put, :options],
             :expose  => ['access-token', 'expiry', 'token-type', 'uid', 'client', 'Access-Control-Allow-Origin'],
             :max_age => 0
  end
end

Rails.application.config.hosts << ".facebook.com"

The last line was my last ditch effort to figure out what I'm missing.

At this point I'm at a loss as to where to look next. I haven't even created custom views for anything other than a dummy index page so I'm not sure where to look. Any help pointing me in at least the right direction is appreciated.

EDIT: I have uploaded my project as is (removing my Facebook app keys) here: https://github.com/firrae/devise-omniauth-facebook-CORS-error-example. I'm sure it's something dumb at this point, but I'm not sure where to look at this point.