OpenID frontchannel redirect done twice

[CGNonofr]

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• This issue affects my Ory Network project.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Describe the bug

In the logout page, the code is trying the change the url by using window.location.replace THEN window.location.href 250ms later.

The issue is when the url Hydra is redirecting to is a http 302 that redirects to another url, the window.location.href call makes the browser come back once again to the original redirect url, making the call 2 times (when the loading takes more than 250ms).

Reproducing the bug

Reproducing with hydra needs a lot of configuration, but I can demonstrate the bug in the code snippet:

	function redirect() {
		window.location.replace(redir);
		// In case replace failed try href
		setTimeout(function () {
			window.location.href = redir;
		}, 250); // Show message after http-equiv="refresh"
	}

• Go to any site
• Clear the browser network console
• Go to the javascript console and execute:

const redir = 'https://tinyurl.com/codingame-test-redirect';

window.location.replace(redir);
	
setTimeout(function () {
    window.location.href = redir;
}, 10);

• Go back to the network console, you'll notice the call to https://tinyurl.com/codingame-test-redirect has been done twice, will the first one has been cancelled

Relevant log output

No response

Relevant configuration

No response

Version

2.0.1

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Kubernetes with Helm

Additional Context

This behavior can be observed at least with latest Chrome and latest Firefox

[aeneasr]

Thank you, we aknowledge this problem. Any PRs with fixes are welcomed!