My security team flagged my Fiori logoff service because they are able to add a redirect to the end of the URL. They didn't use the Fiori app, they just googled to get the logoff string and entered the URL into the browser. So how do I prevent this?
...