使用window.open的OAuth服务器端授权不在Opera中运行URL

I'm trying to make a server-side authorization through facebook. With this I wish that authorization happened in popup window (window.open). When a window is opened is triggered condition if (empty ($ code)) {..........}. Inside this conditions are formed URL address and redirects to this address. Everything works fine in all browsers except Opera (v. 12.01).The opera does not redirect. It happens here:

header("HTTP/1.1 301 Moved Permanently"); 
header("Location: ".$dialog_url."");
exit();

At the same time the url address in Opera is displayed but not executed. Please help solve the problem with a redirection in Opera.
All the source code is shown below.

index.php

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<script type="text/javascript" src="jquery-1.8.3.min.js"></script>
<script type="text/javascript">
$(document).ready(function(){
    $('#login_facebook').live('click',function(){
        path='facebook.php';
        window.open (path,'login','width=800,height=400,resizable=yes,scrollbars=no,toolbar=no,menubar=no,location=no,directories=no,status=yes');
        return false;
    });
});
</script>
</head>

<body>
<table>
    <tr><td><a id="login_facebook" href="#">Facebook login</a></td></tr>
</table>
</body>
</html>

facebook.php

<?php
session_start();
$app_id = "14619918......";
$app_secret = "171a7caaffeeab.....";
$my_url = "...........facebook.php";
$code = $_GET["code"];
if(empty($code)) {
    $_SESSION['state'] = md5(uniqid(rand(), TRUE)); // CSRF protection
    $dialog_url = "https://www.facebook.com/dialog/oauth?client_id=". $app_id . "&redirect_uri=" . urlencode($my_url) . "&state=". $_SESSION['state'] . "&scope=user_birthday,read_stream&display=popup";
    header("HTTP/1.1 301 Moved Permanently"); 
    header("Location: ".$dialog_url."");
    exit();
}
if($_SESSION['state'] && ($_SESSION['state'] === $_REQUEST['state'])) {
     $token_url = "https://graph.facebook.com/oauth/access_token?client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url). "&client_secret=" . $app_secret . "&code=" . $code;
     $response = file_get_contents($token_url);
     $params = null;
     parse_str($response, $params);
     $_SESSION['access_token'] = $params['access_token'];
     $graph_url = "https://graph.facebook.com/me?access_token=". $params['access_token'];
     $user = json_decode(file_get_contents($graph_url));
     echo("Hello " . $user->name);
   }
   else {echo("The state does not match. You may be a victim of CSRF.");}
?>