Changes to JSONP callbacks

As of July 8th, we now validate JSONP callbacks and prefix them with /**/. All callbacks must match the regex [a-zA-Z_$][\w$]*(\.[a-zA-Z_$][\w$]*)*, or simply they must contain only alphanumeric characters, underscores, dollar signs and periods.

For everyone using JSONP callbacks that match this regex in a javascript environment, this shouldn’t affect you at all.

This change was made in response to a security vulnerability. For more on the vulnerability, please read

1 Like

This topic is now pinned. It will appear at the top of its category until it is either unpinned by a moderator, or the Clear Pin button is pressed.

Why the callback param doesn’t work for access_token method anymore?

For example, the command
returnes the valid response for stream called channel, but the commend
returns foo({“error”:“Bad Request”,“status”:400,“message”:“Bad Request”}), although it worked earlier