InvalidCrossOriginRequest warning in test with GET request in JS format

We’ve got a test case, something like

    def test_some_feature
      admin = create(:admin)
      provider = create(:provider)
      sign_in admin

      stub_the_feature( do
        get :index, params: { provider_id: }, format: :js

      assert_response :ok
      assert_template "index"

This GET request works just fine when we try it on staging, I mean we still get the response expected but this test fails with:

ActionController::InvalidCrossOriginRequest: Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding....

I didn’t really get how this is considered cross origin request or why though as I don’t know much about that subject.

Is there any way to resolve this issue without doing something like :point_down: (I am not even sure whether this would resolve the problem as only the test fails and on staging everything is just fine)

protect_from_forgery except: :index

Also I couldn’t find any documentation regarding the format option passed to get. Where could I find more info about that?