Our app allows users to login through Facebook. The page creates a popup which is redirected to FB login page (https://lm.facebook.com/l.php?u=https%3A%2F%2Fm.facebook.com%2Fdialog%2Fconsent%2Fcomplete% ..., with header Cross-Origin-Opener-Policy: same-origin-allow-popups;report-to="coop_report". At this point the window.opener reference is valid and points to original window. On desktop and iPhone the login then completes, redirects back to our page, with window.opener reference still valid.
However on Android (Chrome) when the popup redirects to our page it does so with window.opener set to null.
Meantime the only redirects are:
https://m.facebook.com/dialog/consent/complete/ with Cross-Origin-Opener-Policy: unsafe-none;report-to="coop_report" header
and then back to our page without any COOP header.
There is one apperent difference - on Android a dialogue is shown that is not triggered on iPhone or desktop: "You previously logged in to ****** identity with Facebook. Would you like to continue?" On this dialogue the window still has the opener reference, and after it the above mentioned requests are fired.
I am not sure where exactly was the opener reference lost, or how can I prevent that, and why does it only happen with Android login process. I have found nothing in the Facebook documentation so far, and it seems to me that this could be a bug rather than a feature - however I still need to overcome it somehow.