HostAuthorization middleware does not suitably sanitize the Host / X-Forwarded-For header allowing redirection.
