Created attachment 183491 [details] Test case (also in JSBin) When Safari issues an XMLHttpRequest and the server returns a 401, Safari seems to repeat the request. If the server uses OAuth, repeating the request triggers an OAuth error, because the nonce is reused. The server returns a 403, which is reported by the XMLHttpRequest. Both Chrome and Firefox report the 401 response from the XMLHttpRequest. The link is to a JSBin that demonstrates this issue with the Dropbox API server, but the bug is applicable to any other OAuth API. To reproduce the issue, click through the pop-up authentication (sign into Dropbox if necessary) and look at the console. Safari shows a 403 error, Chrome and Firefox show a 401 error. I used the Charles proxy to confirm my suspicion that Safari sends a second request to the API server. Any intercepting SSL proxy should do the trick. Please let me know if there is anything else I can do to help investigate this issue.