If you used Webmin you should know that it has a security control that check the existence of the HTTP referer header at each request, just to be make sure that when you access a subpage you’re coming from the parent module instead of a direct request.
window.location not passing the referrer to Webmin
window.location = '/newurl';
this will not pass the additional HTTP referrer to the target Webmin page.
Webmin will output an error page explainging that a security settings must be turned off.
This is my example i used to switch from a Webmin server to another using ajax: