Here’s a fun, major example of a cross-browser bug in the wild. It seems that, for certain users of the Safari 4 beta (latest update after the Mac OSX release), logging into Facebook is totally hosed. If I try to log in, Safari gives me a cursor with a lovely blue ball. It doesn’t even spin like the beach ball of death.

Running the Safari Developer tools error console yields the following errors on Facebook’s end:

Unsafe JavaScript attempt to access frame with URL http://www.facebook.com/home.php? from frame with URL
http://static.ak.facebook.com/common/redirectiframe.html. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://www.facebook.com/home.php? from frame with URL
http://0.channel14.facebook.com:80/[snip...]. Domains, protocols and ports must match.

Basically, it looks like Facebook’s trying to send a request during the login process from a subdomain of their site. Safari’s flagging it as breaking the AJAX “same origin” URL policy and preventing the request from completing. By acting correctly - Facebook’s requests are indeed breaking the same origin policy - Safari’s also blocking me (and a whole bunch of other people) from being able to login. (Now, I could be wrong here with the exact cause of the behavior, but the bottom line is something on Facebook is still totally breaking login in Safari 4.)

Is the new Safari being too strict? Why can I login in Firefox and Google Chrome? Is this an odd use case in a browser with a small market share (I’m guessing less than 4% of Facebook’s base) that wouldn’t be caught during testing as it’s not part of Facebook’s test platform, or is it a legitimate cross-browser bug that will be solved?

Clearing my cache (holding SHIFT and pressing the refresh button in the address bar or holding CONTROL + F5 / CONTROL + FN + F5 on a macbook) seemed to do the trick: the requests still showed up as failing, but I was able to log in. But, I’m still interested to see if this winds up being a fairly high-profile example of cross-browser development’s pitfalls on a really big stage.

Very, very odd.