I had a very similar problem with reactJS front end and rails API using Rack::Cors, and adding patch to the list of allowed methods solved the problem for me.
config.middleware.insert_before 0, Rack::Cors do
allow do
origins '*'
resource '*', headers: :any, methods: [:get, :post, :patch, :options]
end
end