In Chrome, once a user is successfully redirected, the icon of a bookmarked
link would change to be the icon of the destination page. This means that
bookmarked links would not be completely locked, and information would leak.
Changing `window.location.replace` in the code to instead be
`window.location.href` simulates a user clicking rather than a real HTTP
request and thus prevents Chrome from changing the icon, and eliminates this
leakage of information.