There seems to be no issue creating a webhook with a payloadUrl pointing to localhost.
I'd recommend blacklisting localhost and 127.0.1, since there is no use case for creating a webhook to localhost and it only introduces possible attack vectors.
I've verified that it does indeed try to connect to localhost by using netcat to listen for connections directly in the container.
Also, the webhook follows redirects. I was able to redirect the webhook from a POST request to a GET request. But I was not able to exploit it any further.
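One way to implement the check recommended above, added here as an example and not code from the report or the affected project: it rejects a payloadUrl whose host is, or resolves to, a local address (including short forms such as 127.0.1) and repeats the check on every redirect hop. All function names, the injected `resolver` and the `send` transport are assumptions; covering `::1`, IPv4-mapped IPv6 and 0.0.0.0 goes beyond the two hosts named in the report.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

def parse_ip(host):
    """Parse an IP literal, including legacy short forms such as 127.0.1."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        # inet_aton accepts the forms an HTTP client may also accept (127.0.1, 127.1).
        return ipaddress.ip_address(socket.inet_aton(host))
    except (OSError, ValueError):
        return None

def system_resolver(host):
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def is_local(ip):
    mapped = getattr(ip, "ipv4_mapped", None)  # e.g. ::ffff:127.0.0.1
    ip = mapped if mapped is not None else ip
    return ip.is_loopback or ip.is_unspecified

def check_payload_url(url, resolver=system_resolver):
    """Return the resolved addresses, or raise ValueError for a local target."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("unsupported payloadUrl: %r" % url)
    literal = parse_ip(parts.hostname)
    if literal is not None:
        addrs = [literal]
    else:
        addrs = [ipaddress.ip_address(a) for a in resolver(parts.hostname)]
    # One local address among several is enough to reject the URL.
    if not addrs or any(is_local(a) for a in addrs):
        raise ValueError("payloadUrl points to a local address: %r" % url)
    return addrs

def deliver(url, send, resolver=system_resolver, max_redirects=3):
    """Validate every hop. `send(url)` is a hypothetical transport that does
    not follow redirects itself and returns (status, location)."""
    for _ in range(max_redirects + 1):
        check_payload_url(url, resolver)
        status, location = send(url)
        if status not in (301, 302, 303, 307, 308) or not location:
            return status, url
        url = urljoin(url, location)
    raise ValueError("too many redirects")
```

The HTTP client should connect to the addresses returned by `check_payload_url` rather than resolving the name a second time, otherwise the check and the connection can see different DNS answers.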