Hello, The connect with paypal api takes a returnurl (see https://developer.paypal.com/docs/integration/direct/identity/button-js-builder/) which is the url that the user is directed to after logging into his or her paypal account. The returnurl must be an exact match of one of the returnurls specified in your application settings. However, before last Thursday (March 21, 2019), you were able to include a url param with the name 'state' in your return url that would be ignored for the purposes of matching your apps returnurl. For example https://yoursite.com would match https://yoursite.com?state=importantstuff . On Thursday, the state param stopped being whitelisted on the production version of the paypal api if the user accesses the connect to paypal button on a desktop. It is still whitelisted if the user is on a mobile browser. It is also still whitelisted for all users on the sandbox version of the paypal api. Is there someone from PayPal who can provide insight here? It seems to be a mistake, especially to have different functionlity in the sandbox/production versions of the API.
... View more