11f5ca83ec
Defense-in-depth against header injection if the post-login redirect target ever reaches a context that doesn't re-encode it. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>