I'm currently working on a web application that is loaded inside an iframe inside a webview in a mobile app. As the user clicks a button, I perform an AJAX request, and once I get a successful response, I need to redirect the user to another page, by modifying
window.top.location.href. This works in most situations, but in a certain iOS app, the redirect is not performed in a fair amount of cases.
I've tried to search for information about this, but given the peculiar setup, I haven't really been able to find anything. I don't control the iOS app, only the application running inside the iframe, so it's fairly hard to debug.
When the redirect fails, it does so silently. If I inspect the network traffic of the app, I can see that there's no request being made to the URL I try to redirect to.
My current hypothesis is that the redirect is being blocked as a security measure because it's not a direct result of a user interaction. You click on a button, the request is made, then the redirect happens a second or two later (depending on how long the request takes). I have tried to verify this in two ways:
Tap the screen in random, non-interactable spots while the reuqest is being made. If there is some kind of simple timer that is reset any time you interact with the device, to determine whether or not the redirect should be allowed, then tapping should make the redirect work. As far as I can tell, that is the case, but it's hard to verify that it isn't caused by something else.
Introduce an artificial delay before the redirect. So even if the request is done after 500ms, I wait an additional five seconds before doing the redirect. This should cause the redirect to fail consistently. Doing this also seems to support my hypothesis, but again, it's hard to know if that is the reason.
Has anyone else experienced this issue? If so, is my hypothesis correct, and did you come up with another workaround than adding a "Click to continue" button to actually do the redirect? Is there any documentation on this behavior anywhere?