Firefox CORS preflight always fails

I have a Rails webapp hosted on a subdomain hitting our API on a different subdomain. We are using the rack-cors gem allowing all origins to all resources. This works fine in Chrome but with Firefox it throws an error about CORS after executing the OPTIONS request (it doesn't receive a response).

Here is a screenshot of the request in Firefox: enter image description here

If I use all of the same headers and execute the request using curl from the command line then it returns a 200 OK.

*   Trying
* Connected to ( port 3000 (#0)
> OPTIONS /v1/signed_url HTTP/1.1
> Host:
> User-Agent: curl/7.54.0
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Encoding: ggzip, deflate
> Accept-Language: en-US,en;q=0.5
> Access-Control-Request-Headers: authorization,content-type
> Access-Control-Request-Method: POST
> Connection: keep-alive
> DNT: 1
> Origin:
< HTTP/1.1 200 OK
< Content-Type: text/plain
< Access-Control-Allow-Origin:
< Access-Control-Allow-Methods: GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS
< Access-Control-Expose-Headers: X-Alternative-Payment-Required
< Access-Control-Max-Age: 1728000
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Headers: authorization,content-type
< Transfer-Encoding: chunked
* Connection #0 to host left intact

I have been trying to debug this but Firefox doesn't seem to provide any great way to debug what is causing the failure and their documentation leaves a lot unanswered.

Any tips or ideas to try?

Update 1

# Rack::Cors config
config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins '*'
    resource '*', headers: :any, methods: [:get, :post, :put, :patch, :delete, :options, :head], expose: ['X-Alternative-Payment-Required']