Client-side redirect by target + Server-side redirect by attacker (calc) via iframe for repeated prompts
Repeated prompts work automatically.