From 5c90dec400fe95e5317fe607998e8cf265448a0a Mon Sep 17 00:00:00 2001
From: Max Peintner <peintnerm@gmail.com>
Date: Fri, 7 Feb 2025 11:24:10 +0100
Subject: [PATCH] use forwarded host for redirect

---
 apps/login/src/app/login/route.ts | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/apps/login/src/app/login/route.ts b/apps/login/src/app/login/route.ts
index de8d9a6b8f7..cdfa367942e 100644
--- a/apps/login/src/app/login/route.ts
+++ b/apps/login/src/app/login/route.ts
@@ -201,8 +201,14 @@ async function findValidSession(
 }
 
 function constructUrl(request: NextRequest, path: string) {
+  const forwardedHost = request.headers.get("x-zitadel-forward-host");
   const basePath = process.env.NEXT_PUBLIC_BASE_PATH || "";
-  return `${basePath}${path}`;
+  return new URL(
+    `${basePath}${path}`,
+    forwardedHost?.startsWith("https://")
+      ? forwardedHost
+      : `https://${forwardedHost}`,
+  );
 }
 
 export async function GET(request: NextRequest) {