Same pattern as the DomainAliasForm fix: validate submitted values instead of stale entity defaults. Also read validate_url from form_state rather than the entity.
Closes #3575783