Comment 9 for bug 1440958

Instead of matching only the <scheme>://<netloc> of the redirect_url with the URLs in trusted_dashboard, how about changing the check into <redirect_url>.startswith (<url in trusted_dashboard>)

this provides the flexibility to the deployer to make the validation loose by providing just the <scheme>://<netloc> or restrictive to check the full redirect URL.