concern (out of scope): does this mean that ALL URLs in the domain are allowed as return_to? I think that this was intentional, but we should limit it to just the login UI (seems like a security concern)
Originally posted by @nsklikas in #506 (comment)
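The comment above asks for `return_to` to be limited to the login UI rather than any URL on the domain. The block below is an added example of what such a check can look like; it is not the project's own code, and the policy it encodes (an assumed `https` scheme, the hypothetical host `login.example.com` and path prefix `/login`) is illustrative only. It rejects scheme-relative URLs, other hosts, userinfo tricks, and `..` traversal that would escape the login UI prefix, and returns a normalized URL on success.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path"
	"strings"
)

// ReturnToPolicy is an assumed policy (not the project's own): return_to must
// be an absolute URL on exactly the login UI origin, under its path prefix.
type ReturnToPolicy struct {
	Scheme     string // e.g. "https"
	Host       string // hypothetical, e.g. "login.example.com"
	PathPrefix string // hypothetical, e.g. "/login"
}

var ErrReturnToRejected = errors.New("return_to is not an allowed login UI URL")

// Validate parses raw and returns a normalized return_to URL, or
// ErrReturnToRejected if it points anywhere other than the login UI.
func (p ReturnToPolicy) Validate(raw string) (string, error) {
	// Backslashes and whitespace are parsed differently by browsers and Go's
	// net/url; refuse them outright instead of guessing which wins.
	if raw == "" || strings.ContainsAny(raw, "\\\r\n\t ") {
		return "", ErrReturnToRejected
	}
	u, err := url.Parse(raw)
	if err != nil {
		return "", ErrReturnToRejected
	}
	// Must be absolute with the expected scheme: "//evil.example/login" and
	// "http://..." are both rejected here.
	if !u.IsAbs() || !strings.EqualFold(u.Scheme, p.Scheme) {
		return "", ErrReturnToRejected
	}
	// "https://login.example.com@evil.example/login" parses with userinfo
	// and a different host; reject any userinfo at all.
	if u.User != nil {
		return "", ErrReturnToRejected
	}
	// Exact host match (including port), not "ends with the domain".
	if !strings.EqualFold(u.Host, p.Host) {
		return "", ErrReturnToRejected
	}
	// Normalize the path so "/login/../admin" is compared as "/admin".
	clean := path.Clean("/" + u.Path)
	if clean != p.PathPrefix && !strings.HasPrefix(clean, p.PathPrefix+"/") {
		return "", ErrReturnToRejected
	}
	u.Path = clean
	u.RawPath = ""
	return u.String(), nil
}

func main() {
	policy := ReturnToPolicy{Scheme: "https", Host: "login.example.com", PathPrefix: "/login"}
	// Constructed sample inputs, not taken from the issue.
	for _, raw := range []string{
		"https://login.example.com/login/ui?flow=abc",
		"https://login.example.com/account",
		"https://login.example.com/login/../admin",
		"https://evil.example/login",
		"//evil.example/login",
		"https://login.example.com@evil.example/login",
	} {
		got, err := policy.Validate(raw)
		fmt.Printf("%-48s -> %q %v\n", raw, got, err)
	}
}
```

The check is deliberately an exact-origin plus path-prefix allowlist rather than a suffix match on the domain, which is the distinction the comment draws: a `return_to` anywhere on the domain is still an open redirect to every other route served there.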