Because the POST request actually doing the upload is done by the site's AJAX script using the XMLHttpRequest object, you cannot break out of that communication context and get to an HTML renderable window.
OK, yeah, that makes sense now. Duh. I looked at the connection today and I could see the 302 coming back to the browser and being ignored.
IIRC, the issue with transparent access and 401 unauthorized without an intermediate 302 of some sort is that the client is authenticating for the specific destination so if you tried to do Authentication.Authenticate<whatever> for all situations, the client would have to reauthenticate for each destination domain.
Might be workable for a specific situation such as gmail.I tested for that use case and it works as needed. There is a prior rule after Enable Opener that sets a user-defined property if a specific criteria is met. Authentication rule looks like this:
Big Upload Authentication Enabled
Applies to Requests: False / Responses: False / Embedded Objects: True
1: Cycle.TopName equals "Request"
Enabled Rule Action Events Comments Enabled Big Upload Authentication
1: User-Defined.BigUpload equals true
2: AND Authentication.Authenticate<Radius> equals false
Authenticate<Big Upload Authentication> Authenticate large uploads to gmail if user defined property has been set.