Also, I have tested the patch in comment 5 in devstack and verified it works to return a 400 Bad Request if "//" are included in the URL to redirect, provided that the browser has not previously cached a past redirect.
I used the following URL to test: http://127.0.0.1:6080//google.com/%2F..