Starting March 12th, all canvas applications must embed User IDs in an HTTP POST body to ensure they aren’t exposed in the HTTP Referer header. POST for Canvas is the solution Facebook developed for a much-publicized issue with third parties gaining access to User IDs.
All applications on Facebook.com must use this protocol or they will error out. To test the change, developers can go to the Advanced tab of the Developer app, and enable POST for Canvas under Migrations.
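The leak that POST for Canvas closes can be checked from a developer's own web server logs: if the Referer recorded for a page asset carries a user ID in its query string, every third-party resource on that page receives the same header. The audit below is an added example, not Facebook's code; the parameter names in `ID_PARAMS`, the host `app.example` and the log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Hypothetical query-parameter names that might carry a user ID; adjust to your app.
ID_PARAMS = {"user_id", "uid"}

# Combined Log Format: "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def leaked_ids(referer):
    """Return (param, value) pairs in a Referer URL that look like numeric user IDs."""
    query = urlsplit(referer).query
    return [(k, v) for k, v in parse_qsl(query)
            if k.lower() in ID_PARAMS and v.isdigit()]

def audit(lines):
    """Return one finding per user ID seen in the Referer of a logged request."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m or m.group("referer") in ("", "-"):
            continue  # unparseable line, or the browser sent no Referer
        for param, value in leaked_ids(m.group("referer")):
            findings.append({"line": n, "asset": m.group("path"),
                             "param": param, "value": value})
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE = [
    # ID delivered in the URL: the page URL, and so the Referer, contains the ID.
    '203.0.113.5 - - [01/Jan/2000:10:00:00 +0000] "GET /static/ad.js HTTP/1.1" '
    '200 512 "https://app.example/canvas/?user_id=1234567890&lang=en" "Mozilla/5.0"',
    # ID delivered in a POST body: the page URL is clean, so the Referer is too.
    '203.0.113.6 - - [01/Jan/2000:10:00:01 +0000] "GET /static/ad.js HTTP/1.1" '
    '200 512 "https://app.example/canvas/" "Mozilla/5.0"',
    # The POST itself: its body is never part of any Referer.
    '203.0.113.7 - - [01/Jan/2000:10:00:02 +0000] "POST /canvas/ HTTP/1.1" '
    '200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```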
Previously, Facebook allowed developers to convert normal user accounts into test accounts that can’t interact with the rest of the Facebook user base or be turned back into normal accounts. To prevent users from accidentally being turned into test accounts, Facebook has removed the conversion option.
Now, developers must create test accounts via the Graph API using the updated documentation. This should reduce the incidence of horror stories where developers lose all their friend connections because they mistakenly converted themselves into a test account assuming they could change back.