Stumbled upon this issue and found an easy fix.
You have a VF page that you want to redirect a user to a different website, say for OAuth2 authenticate.
window.location.href='https://api.instagram.com/oauth';
This will not work as the browser will complain about Iframe security or Security sandbox violation.
This is because VF page are iframed, to get around this simply use below to redirect, this will redirect the actual page the VF page is iframed into.
window.top.location = 'https://api.instagram.com/oauth';