So, I've just received a warning regarding my usage of the Facebook-login solution for my app. The warning says:
In March, we're making a security update to your app settings that will invalidate calls from URIs not listed in the Valid OAuth redirect URIs field below.This update comes in response to malicious activity we saw on our platform, and we want to protect your app or website by requiring a new strict mode for redirect URIs.
This makes me think that strict mode would be a mandatory thing for everyone. But, I did some further research about this and found a blogpost about it saying:
In March, we'll be turning on Strict Mode for everyone by default.
This, on the other hand, makes me believe that the strict mode wont be mandatory but will be selected by default when creating a new app, but can be turned off if you don't want to use it.
Well, how should i interpret this? Will it be mandatory or not? Anyone got any further information about it?
Thanks.
Yes, it will be mandatory.
In March, we'll be turning on Strict Mode for everyone by default.
This phrasing might be a little unlucky; but it means that for now you can turn this setting on yourself for your apps - come March, Facebook will do it for you (and everyone else), and it will not be optional any more.