Facebook app on touch sometimes goes to low-bandwidth mobile site instead of 'webapp' (see screenshots)

In the console I see the following error when this happens:

Unsafe JavaScript attempt to access frame with URL https://m.facebook.com/ai.php?aed=AQLaQhnQWooCh1SCclnEbY_lFhGLfUOD_NSo6-3kA…AXJ33Dds2dj1rG7WoDXJANzWSJH4ODGNbkpcQy4TvuOUYrm4zhhpbM9RZshEmupQuQMUsU09ag from frame with URL https://m.facebook.com/. The frame being accessed set 'document.domain' to 'facebook.com', but the frame requesting access did not. Both must set 'document.domain' to the same value to allow access.

The request looks like this:

{
  "log": {
    "version": "1.2",
    "creator": {
      "name": "WebInspector",
      "version": "537.36"
    },
    "pages": [
      {
        "startedDateTime": "2014-02-20T00:54:12.735Z",
        "id": "page_1",
        "title": "https://m.facebook.com/home.php?ref_component=mbasic_home_logo&ref_page=%2Fwap%2Fhome.php&refid=7",
        "pageTimings": {
          "onContentLoad": 1501,
          "onLoad": 1783
        }
      }
    ],
    "entries": [
      {
        "startedDateTime": "2014-02-20T00:54:12.735Z",
        "time": 1501,
        "request": {
          "method": "GET",
          "url": "https://m.facebook.com/home.php?ref_component=mbasic_home_logo&ref_page=%2Fwap%2Fhome.php&refid=7",
          "httpVersion": "HTTP/1.1",
          "headers": [
            {
              "name": "Accept",
              "value": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
            },
            {
              "name": "Referer",
              "value": "https://m.facebook.com/home.php?refsrc=https%3A%2F%2Fm.facebook.com%2F&refid=8&_rdr"
            },
            {
              "name": "User-Agent",
              "value": "Mozilla/5.0 (Ubuntu; Linux) WebKit/537.21 (like Android 4.3) AppleWebKit/537.21 Ubuntu Mobile"
            }
          ],
          "queryString": [
            {
              "name": "ref_component",
              "value": "mbasic_home_logo"
            },
            {
              "name": "ref_page",
              "value": "%2Fwap%2Fhome.php"
            },
            {
              "name": "refid",
              "value": "7"
            }
          ],
          "cookies": [],
          "headersSize": 386,
          "bodySize": 0
        },
        "response": {
          "status": 200,
          "statusText": "OK",
          "httpVersion": "HTTP/1.1",
          "headers": [
            {
              "name": "Pragma",
              "value": "no-cache"
            },
            {
              "name": "X-FB-Debug",
              "value": "Tq/jhU32MLh5aY+r4Pe+Muxz8xn6Y7mpP8BnwK78EhA="
            },
            {
              "name": "Content-Encoding",
              "value": "gzip"
            },
            {
              "name": "X-Content-Type-Options",
              "value": "nosniff"
            },
            {
              "name": "Date",
              "value": "Thu, 20 Feb 2014 00:54:14 GMT"
            },
            {
              "name": "X-Frame-Options",
              "value": "DENY"
            },
            {
              "name": "Content-Type",
              "value": "application/xhtml+xml; charset=utf-8"
            },
            {
              "name": "Cache-Control",
              "value": "private, no-cache, no-store, must-revalidate"
            },
            {
              "name": "Transfer-Encoding",
              "value": "chunked"
            },
            {
              "name": "Connection",
              "value": "keep-alive"
            },
            {
              "name": "X-XSS-Protection",
              "value": "0"
            },
            {
              "name": "Expires",
              "value": "Sat, 01 Jan 2000...

And here's the HAR when the page loaded up correctly:
http://paste.ubuntu.com/6963014/

(Sorry, I didn't realize it was so long, should've pastebinned the first one)

So this *was* working when I switched from https to http, but it's no longer working (gotta love intermittent errors.).

Now, I'm seeing in the inspector the following request url:
Request URL:https://m.facebook.com/home.php?ref_component=mbasic_home_header&ref_page=%2Fwap%2Fhome.php&refid=8

Giving the User Agent:
User-Agent:Mozilla/5.0 (Ubuntu; Tablet) WebKit/537.21

I think you’re seeing another occurrence of bug #1240485: basically the UA override mechanism is inherently unreliable, and it sometimes will send the correct override, and sometimes not. That’s very unfortunate, and fixing that would require quite some work in QtWebKit itself. We’re investing in oxide at the moment, where this will be properly fixed.

Note that your proposed workaround, to have the webapp point to the non-secure domain, improves things because most of the times the UA override is correctly set before the redirection to the secure domain happens. It’s not a guarantee that it will work all the time though.

I've uploaded a new version of the click package with the https -> http fix.