In MAGNOLIA-5991 the option to do a GET login with additional parameters were removed to avoid malicious links.

But there are valid use cases for redirects after logins and this was addressed in MAGNOLIA-6043 by introducing mglnReturnTo Parameter. The problem with this generic parameter is, that is allows any kind of malicious redirects and also invalidates MAGNOLIA-5991.

Example Link: http://localhost:8080/konto?mgnlReturnTo=http%3A%2F%2Fexample.com%2Fnext

More on the topic: https://www.trustwave.com/Resources/SpiderLabs-Blog/Understanding-and-Discovering-Open-Redirect-Vulnerabilities/

A solution would be to keep the support for mglnReturnTo but maintain a white list of allowed urls and parameter names.