
    Prevent redirecting to arbitrary URLs when saving preferences.

    Review Request #14622 — Created Sept. 23, 2025 and submitted

    Information

    Review Board
    release-7.x

    Reviewers

    The privacy preferences form allows redirecting to a URL after saving,
    because it may be shown to users in lieu of a target page if there are
    services which require a consent choice. This redirect was not going
    through the same machinery as logins, which have a check

    This change makes it so our PrivacyForm includes Django's
    RedirectURLMixin as a base class. We then call get_redirect_url(),
    which will verify that the redirect is to a safe URL.

    • Ran unit tests, including added test.
    • Manually verified that redirects no longer allowed inserting arbitrary
      URLs.
    Summary ID
    Prevent redirecting to arbitrary URLs when saving preferences.
    nuuqkvprpoosunmzmsnoxzxmukxuuzst
    maubin
    1. Ship It!
    chipx86
    1. Ship It!
    david
    Review request changed
    Status:
    Completed
    Change Summary:
    Pushed to release-7.x (a6036e2)