The browser should block the redirections and prompt to allow bypassing the intervention
That requires the redirection to be targeting a third party origin. Clone this repository and host it somewhere for the demo to work
TODO: Make it with a python/node script or android app that would spawn servers on different ports