So there was a couple things wrong with the setup after digging a little bit more.
https://websiteURL.com and https://www.websiteURL.com are treated differently. Ensure you enable both.
Cors Cookies are restricted very heavily in Safari. There are a couple of ways to bypass but I ended up just changing my configuration to not use cookies but to pass a bearer token in each api call, which has seemingly worked thus far. Another way around it I saw was to put your website and backend in the same domain to avoid the cors issue altogther. Proxies were the last thing I saw that could be a solution.
*A warning, ChatGPT and other chat bots can be a good starting point and do a lot of meaningful tasks, but for some more nuanced issues like this, they can't problem solve. I spent quite a few hours going back and forth with them to no avail. Relying on them too heavily can cause more harm than good for issues like this that are not so straight forward. Forums, youtube videos, and the documentation of whatever services you are using are all sources that should be also be leveraged. A big lesson for me going forward