I've noticed that using localhost for the redirect_to parameter gives a 403 error now. It works for other domains as far as I can tell.
Is there any way around this? It makes development really difficult.
My guess would be that it's the security service we're running now, but I'll admit that's a bit strange. In any case, one solution would be to create and a local resolvable domain. This is what I do for local dev. All of my services have local domains, and it sounds like this should allow you to use it for dev and get redirect_to working again.
Alright, thanks. I'll look into that.