loginWithPopup: Cross-Origin-Opener-Policy policy would block the window.closed call.

### Checklist

- [x] The issue can be reproduced in the [auth0-spa-js sample app](https://github.com/auth0-samples/auth0-javascript-samples/tree/master/01-Login) (or N/A).
- [x] I have looked into the [Readme](https://github.com/auth0/auth0-spa-js#readme), [Examples](https://github.com/auth0/auth0-spa-js/blob/main/EXAMPLES.md), and [FAQ](https://github.com/auth0/auth0-spa-js/blob/main/FAQ.md) and have not found a suitable solution or answer.
- [x] I have looked into the [documentation](https://auth0.com/docs/libraries/auth0-single-page-app-sdk) and [API documentation](https://auth0.github.io/auth0-spa-js/), and have not found a suitable solution or answer.
- [x] I have searched the [issues](https://github.com/auth0/auth0-spa-js/issues) and have not found a suitable solution or answer.
- [x] I have searched the [Auth0 Community](https://community.auth0.com) forums and have not found a suitable solution or answer.
- [x] I agree to the terms within the [Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md).

### Description
we are using auth0 to incrementally consent google API, after login. So when click a button, we try to call Loginwithpop to finish consent. but after the consent finished, in the console log show the error messages below:
**Cross-Origin-Opener-Policy policy would block the window.closed call.**

### Reproduction

Sample app can repro this bug; by change loginWithRedirect to loginWithPopup

<img width="2522" height="582" alt="Image" src="https://github.com/user-attachments/assets/f8d277a2-88ff-4cfe-b99d-61b2ce2cca5c" />

Below are some code snippet from my project
 public async incrementalConsentGoogle(): Promise<void> {
    const { auth0 } = await Auth0.get();
    const user = await auth0.getUser();
    return auth0.loginWithPopup({
      authorizationParams: {
        ...AUTH0_GOOGLE_CALENDAR_REQUEST.authorizationParams,
        login_hint: user?.email,
        connection: this.getConnectionFromTokenType("google"),
      },
    });
  }

await incrementalConsentGoogle(getConsentPopup())
        .then(async () => {
          setAllowAccess(isChecked);
        })
        .catch(async (error: Error) => {
        });

catch can't catch the error:  **Cross-Origin-Opener-Policy policy would block the window.closed call.**
### Additional context
**I find some posts with the same issue with me, that both not been addressed.**

https://community.auth0.com/t/cross-origin-opener-policy-policy-would-block-the-window-closed-call/129059
https://community.auth0.com/t/winchan-js-150-cross-origin-opener-policy-policy-would-block-the-window-closed-call/110030

### auth0-spa-js version

@auth0/auth0-spa-js@2.1.3

### Which framework are you using (React, Angular, Vue...)?

React

### Framework version

react@18.3.1

### Which browsers have you tested in?

Chrome

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

loginWithPopup: Cross-Origin-Opener-Policy policy would block the window.closed call. #1418

Checklist

Description

Reproduction

Additional context

auth0-spa-js version

Which framework are you using (React, Angular, Vue...)?

Framework version

Which browsers have you tested in?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

loginWithPopup: Cross-Origin-Opener-Policy policy would block the window.closed call. #1418

Description

Checklist

Description

Reproduction

Additional context

auth0-spa-js version

Which framework are you using (React, Angular, Vue...)?

Framework version

Which browsers have you tested in?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions