
Host Header Injection allow HiJack Password Reset Link

Low
Concrete CMS

Team Summary

Official summary from Concrete CMS

The issue reported in #59666 and in #226659 is still applicable as originally reported; however, it is tracked as an "informative" issue that can be resolved simply with proper webserver configuration or by configuring concrete5 to force a "canonical url".

Reported by gamliel

Report Details

Additional information and metadata

State

Closed

Substate

Duplicate
