I've found the solution. If you execute FB.login without user action, webkit blocks the popups.
For instance, I used an invite system on my project. There was a input/text to enter invitation code. I checked the invitation code is available with an ajax/post request. if it is available, I run FB.login(). As you guess, browser blocked popup and tons of errors appeared at js console.
So you must run FB.login() after a user action. I'll put a facebook login button between ajax/post and FB.login(). Users'll have to click it -thats sucks- but they'll not see a problem.
Btw, the problem reoccurs after a few days. I think it's about trust system of browser. When you're developing it, you visit lots of times, browser thinks it's reliable at first. I'm not sure about this part but my solution works.
This seems to be a bug with the Twitter button code that you would probably want to log with Twitter. It seems to be attempting to traverse every dom object on the page and it is not able to access the Facebook iframe object. For example, if you also add the Google +1 button, it will now throw an additional similar message but for Google related urls.
The functionality doesn't seem to be impacted though so I would just ignore it. Any site using this Tweet button and also another iframe from a different server (eg Facebook/G+ button) will also have the same issue (for example try any page on mashable.com). If you do not want to just ignore it, you could remove the Twitter javascript reference and create a custom Tweet button as mentioned on their Tweet button page, by using javascript to popup this url format: http://twitter.com/share?url=http%3A%2F%2Fdev.twitter.com%2Fpages%2Ftweet-button, with the downside of this being that the tweet count won't show on your page.
Best Answer
I believe it's because the URL the request is made from is not under your Site URL.
Look at your "origin" parameter in the URL you've submitted.
You can only make calls from the location you've defined as your Site URL.