Works fine from a SSl’ed host without issue. (ignoring the 400 due to bad client ID)
And heres another test using a script
Make sure your request is being made from a “true” URL over SSL.
I cannot replicate your issue. I’ve tested it two different ways and it works fine.
But if you are serving off localhost rather than a real domain that might cause an issue in some cases and doesn’t model a real host correctly.