Bumped into this while developing locally, a solution is to filter the requested url in bbp_verify_nonce_request
:
add_filter( 'bbp_verify_nonce_request_url', 'my_bbp_verify_nonce_request_url', 999, 1 );
function my_bbp_verify_nonce_request_url( $requested_url )
{
return 'http://localhost:8888' . $_SERVER['REQUEST_URI'];
}