I should add, I have a semi-solution for this problem but its not ideal. That is to edit ContentSecurityPolicy.php and add the trusted domain, submitting form-action, to the array $allowedFormActionDomains.
But that means everytime I remove the docker container - I have to re-edit it.