Incorrect validation of local Oauth 2 redirect URIs in App
The IPv4 loopback address block is nearly seventeen million addresses automatically bound from 127.0.0.0 to 127.255.255.255, but the settings page in the App Console allows only the single address 127.0.0.1. It reports valid loopback addresses in that range as "non-local". This makes it impossible for apps to listen on…
