Today, when I set the redirect_url with or , the payment request API responds with

This validation makes a lot of sense for webhooks but it makes no sense for redirect url.

From what I know (please correct me if I'm wrong), the redirect url is for the client browser to redirect back to the merchant once the payment is complete/cancelled. The url is not called from your server side. There should not be any issues by allowing localhost.

Although there are many ways to hack around this, I think it makes a lot of sense to allow and for redirect_url to ease local testing.