Monday, August 25, 2008

Safari's defect on same-origin policy?

The XMLHttpRequest object follows the same-origin security policy, which means you can't use it to request data from another domain. For example, if the web page is hosted at http://www.domain.com, it is forbidden to request data from http://www.domain1.com using XMLHttpRequest; you will get a permission denied exception when you call the open() method.

Same origin means same protocol, same host and same port. However, it looks like different browsers interpret this in different ways. I had a SCORM course hosted at http://www.domain.com, but the requested app was located at http://www.domain.com:80. I didn't have any issue with IE and Firefox, but in Safari I got a permission denied exception. I am wondering whether this violates the same-origin policy in Safari.

Interesting discussion here on bypassing the same-origin policy for the XMLHttpRequest object in Firefox and IE.

PS: According to RFC 1738, the port defaults to 80 if it is omitted. After I got rid of the port number 80 in the URL for the requested app, it worked in Safari. Unlike IE and Firefox, I guess Safari literally checks the URL for the domain.
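To show concretely why the two URLs should count as the same origin, here is an added example (not from the original post) that compares scheme, host and port, once with the omitted port normalized to the scheme's default and once with the literal port string the post suspects Safari compared. The URLs are constructed to mirror the post's scenario.

```javascript
// Added example: same-origin comparison of two URLs (scheme, host, port),
// with and without treating an omitted port as the scheme's default.

// Default port per scheme (RFC 1738: http defaults to 80; https to 443).
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Parse scheme, host and the explicit port out of an absolute URL. Done by
// hand so that an explicit ":80" is still visible for the literal comparison
// (a URL library would already have normalized it away).
function parseOrigin(url) {
  const m = /^([a-z][a-z0-9+.-]*:)\/\/([^/:?#]+)(?::(\d+))?/i.exec(url);
  if (!m) throw new Error("not an absolute URL: " + url);
  return { scheme: m[1].toLowerCase(), host: m[2].toLowerCase(), port: m[3] || "" };
}

// normalize=true: an omitted port equals the scheme's default (IE/Firefox
// behaviour in the post). normalize=false: the port strings must match
// literally (the stricter behaviour the post attributes to Safari).
function sameOrigin(a, b, normalize = true) {
  const oa = parseOrigin(a), ob = parseOrigin(b);
  const port = (o) => (normalize ? o.port || DEFAULT_PORTS[o.scheme] || "" : o.port);
  return oa.scheme === ob.scheme && oa.host === ob.host && port(oa) === port(ob);
}

// Constructed URLs mirroring the post: course without a port, app with ":80".
const course = "http://www.domain.com/course/index.html";
const app = "http://www.domain.com:80/app/api";

sameOrigin(course, app);                            // true  (80 is http's default)
sameOrigin(course, app, false);                     // false (literal port mismatch)
sameOrigin(course, "https://www.domain.com/app");   // false (different scheme)
sameOrigin(course, "http://www.domain1.com/app");   // false (different host)
```

Node's built-in URL class applies the same normalization: `new URL("http://www.domain.com:80/app").origin` yields `"http://www.domain.com"`, with the default port dropped.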
