This commit applies the following changes: * Added local Content-Security-Policy with script-src nonce directive * Removed form-redirect.js and associated changes * Renamed to FormPostRedirectStrategy * Removed HtmlUtils usage * Moved to same package as DefaultRedirectStrategy