Hi team,
I'm troubleshooting some weird authentication issues on my website, where I offer a Sign in with Apple option. Basically, after the user does the Apple login, I have this script to update the location URI of the window opener back to my origin domain. This line of the script works correctly when login is launched in a browser such as Safari or Chrome, but it is simply ignored when launched from a WebView within an application, and it can only be reproduced on iOS 15.5 and later. Here is some more context for comparison:
Request from Safari:
```http
POST /callbackApple HTTP/1.1
Host: signin.example.com
Content-Type: application/x-www-form-urlencoded
Origin: https://appleid.apple.com
Accept-Encoding: gzip, deflate, br
Cookie: _ga=GA1.3.1679051778.1669664368; _gat=1; _gid=GA1.3.1808016405.1669664368; signin-cookie="5ce93a47904daa5e"; _abck=F930E04300E8E8AB552C14541A40AD3C~0~YAAQmZTYF7CO3fCBAQAAZkOmHQha0qNYdbsfcZ4zEtwsjoRST+T+DNTMb5+E9uL8OvEL3YA0K0Tn7xS+OKoGPGib5rmpBOZVQq1+XoPEFJOij8Ao8mMKrvztGMN0HgNBmldcy3BCpTLgWFgckVzF/MOLhHL87yVOhCnsKqJEG8WwuH9I1G6xb2k4R6CfX9qzCfh9pexN2KBbE/FW7KtrP5KkRq2Y2a6AlQA3hr068J426LBkRAiHhj7mrAjIZHPXVlAq9PLKSO/LOxvovAbh6bOUP6EZHk1De4IvPU5DqwdA2yQMtyrz/K+MHE5NA0oaLTjhiSmTNUFOckcmQAl+9PRuXYpgVa5UukkSztNLlbn4xOi2ZvZ4B0jtSg57AeXsl56j36NSCmBqioEdA7N54V3IiwOz~-1~-1~-1
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Mobile/15E148 Safari/604.1
Referer: https://appleid.apple.com/
Content-Length: 1293
Accept-Language: en-US,en;q=0.9
```
Same request sent from a WebView in another app:
```http
POST /callbackApple HTTP/1.1
Host: signin.example.com
Content-Type: application/x-www-form-urlencoded
Origin: https://appleid.apple.com
Accept-Encoding: gzip, deflate, br
Cookie: ga=GA1.3.439982965.1669661343; _gat=1; _gid=GA1.3.712268364.1669661343; signin-cookie="39fd5b51e0350b24"
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Mobile/15E148 Safari/604.1
Referer: https://appleid.apple.com/
Content-Length: 1448
Accept-Language: en-US,en;q=0.9
```
And the response to the requests above is always the same: a blank HTML page, as shown below, with some scripts to update the opener and redirect the user back to my website. Note that self.close() always works, but window.opener.location.replace(redirectUri) only works inside Safari or Chrome, not in a WebView opened by some other application.
Response body content:
```html
...
<script type="text/javascript">
    // Base URL of the site to return to; it needs a query separator
    // before the first parameter is appended (the "?" is added here,
    // the original line concatenated "access_token=" directly onto the host).
    var redirectUri = 'https://example.com?';
    redirectUri = redirectUri + "access_token=" + "${accessToken?no_esc}" + "&token_type=apple";
    [#if nickName??]
        redirectUri = redirectUri + "&nickName=" + "${nickName?no_esc}";
    [/#if]
    redirectUri = redirectUri + "&_eventId=loginFromApple" + "&execution=" + "${execution?no_esc}";
    // Navigate the page that opened this popup, then close the popup.
    if ( window.opener ) {
        window.opener.location.replace(redirectUri);
        self.close();
    }
</script>
...
```
I'm not sure whether it could be related to some security update within WebKit (https://support.apple.com/en-us/HT213412), but we started to see this issue after the iOS version mentioned in that post. Any help would be much appreciated, thanks.
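The callback page above relies entirely on `window.opener.location.replace()` succeeding, and a WebView that silently ignores that navigation leaves the user on a blank page. The following is an added example (not code from the original post or from the poster's site) of a more defensive way to hand the result back: the popup sends the result to its opener with `postMessage` and an explicit target origin, and falls back to navigating itself when there is no usable opener. The token is placed in the URL fragment rather than the query string, so it does not reach server logs or Referer headers. The origins `https://example.com` (the opener page) and `https://signin.example.com` (the callback page, from the `Host` header above) are assumptions, and the window object is passed in as a parameter so the logic can be exercised outside a browser.

```javascript
// Added example: defensive result hand-off for a popup-based Sign in with
// Apple callback. Not the original post's code.

// Assumed origins (taken from the anonymised request above).
const APP_ORIGIN = 'https://example.com';           // page that opened the popup
const CALLBACK_ORIGIN = 'https://signin.example.com'; // page running this script

// Build the return URL. Each value is URL-encoded (the original template
// inserted raw values with ?no_esc) and carried in the fragment, which is
// never sent to the server or leaked via Referer.
function buildRedirectUri(base, params) {
  const fragment = Object.entries(params)
    .filter(([, v]) => v !== undefined && v !== null)
    .map(([k, v]) => encodeURIComponent(k) + '=' + encodeURIComponent(String(v)))
    .join('&');
  return base + '#' + fragment;
}

// Runs in the popup (callback) page. `win` is the popup's window object,
// injected so the function can be unit-tested without a browser.
// Returns which strategy was used.
function deliverResult(win, params) {
  const target = buildRedirectUri(APP_ORIGIN, params);
  const opener = win.opener;
  if (opener && !opener.closed) {
    try {
      // Explicit targetOrigin: the message is dropped if the opener has
      // navigated to some other site in the meantime.
      opener.postMessage({ type: 'apple-signin', params: params }, APP_ORIGIN);
      win.close();
      return 'postMessage';
    } catch (e) {
      // Cross-origin or WebView restriction: fall through to self-navigation.
    }
  }
  // No usable opener (e.g. inside a WebView): finish the flow in this window
  // so the user is never stranded on a blank page.
  win.location.replace(target);
  return 'self-redirect';
}

// Runs in the opener page. Only messages from the callback origin with the
// expected shape are accepted; everything else is ignored.
// Returns true when a result was accepted.
function handleMessage(event, expectedOrigin, onResult) {
  if (event.origin !== expectedOrigin) return false;
  if (!event.data || event.data.type !== 'apple-signin') return false;
  if (typeof event.data.params !== 'object' || event.data.params === null) return false;
  onResult(event.data.params);
  return true;
}

// Browser wiring (inert when run outside a browser):
if (typeof window !== 'undefined') {
  // Opener page:
  //   window.addEventListener('message', e =>
  //     handleMessage(e, CALLBACK_ORIGIN, p => { /* store token, continue login */ }));
  // Callback page:
  //   deliverResult(window, { access_token: '...', token_type: 'apple' });
}
```

The opener page listens with `handleMessage(event, CALLBACK_ORIGIN, ...)` and ignores any message that does not originate from the callback page, and the callback page calls `deliverResult(window, ...)` with the values the server rendered into the template. If the WebView neither delivers the message nor allows the popup to navigate its opener, the popup still navigates itself to the application with the result in the fragment.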
