Cross-origin iframe won't load in CI environment when CloudFlare is enabled

[jeffgammon]

I have an app that loads a cross-origin iframe. Both the app URL and the iframe URL are using https. My Cypress test loads the app page, verifies that some expected content exists inside the iframe, and exits. This test has been running successfully for quite some time, both in CI environment and from other non-CI machines. We introduced CloudFlare into our server configuration for the cross-origin iframe server. Now, when running the Cypress test but only in the CI environment, the iframe content no longer loads. When we run the Cypress test from other, non-CI machines, the iframe content loads as expected.

Another detail about the iframe URL processing: the iframe's src URL successfully launches and responds with an auto-submitting javascript form, whose URL is on a subdomain of the original URL. It is this auto-submitted-from-javascript URL that I believe is the failing request URL. In other words, HTML like:

<iframe src="https://my.domain.com/work" /> successfully responds with javscript , and the form auto-submits which is supposed to launch the URL for "https://other.my.domain.com". It is this request to "other.my.domain.com" that fails.

I captured a HAR file from Chrome in CI, and the "Remote address" for the other.my.domain.com request looks broken. The Remote address is simply :80

By comparison, the Remote address for "https://my.domain.com/work" was 127.0.0.1:80, which I believe is the Cypress proxy server address.

We're running latest Cypress (13.13.2). I've tried testing with Chrome, Firefox, and Electron.

In Chrome, the iframe shows the standard Chrome unhappy-face icon, and the underlying HTML has some scripts that includes text: "ERR_EMPTY_RESPONSE", "This page isn't working", and "...myurlhere... didn't send any data."

When I run the test in Firefox, the iframe contains the text "Secure Connection Failed An error occurred during a connection to ....myurlhere... The page you are trying to view cannot be shown because the authenticity of the received data could not be verified."

I have watched the captured video from the Chrome run, and the error appears immediately upon loading the iframe.

We have verified with CloudFlare that the request never reached their server (nor did the request reach the actual processing server) It does not appear that Cypress browser actually made the request.

Any ideas? This seems like it might be a Cypress bug with cross-origin iframes that respond with a different URL than the original frame URL domain, but I'm not sure. Thanks, in advance, for any suggestions.