We were just running through a few acceptance tests when we observed that redirect validation is not enabled. The xss blocks is a sweet out of the box feature... Is there a way/switch to limit the redirects to trusted domains only? (https://www.owasp.org/index.php/Open_redirect).