diff --git a/apps/login/app/(login)/login/route.ts b/apps/login/app/(login)/login/route.ts
index a96b2a163da..7751651f6c1 100644
--- a/apps/login/app/(login)/login/route.ts
+++ b/apps/login/app/(login)/login/route.ts
@@ -157,13 +157,13 @@ export async function GET(request: NextRequest) {
           } else {
             return NextResponse.json(
               { error: "No active session found" },
-              { status: 500 } // TODO: check for correct status code
+              { status: 400 } // TODO: check for correct status code
             );
           }
         } else {
           return NextResponse.json(
             { error: "No active session found" },
-            { status: 500 } // TODO: check for correct status code
+            { status: 400 } // TODO: check for correct status code
           );
         }
       } else {
diff --git a/apps/login/middleware.ts b/apps/login/middleware.ts
index 178df000062..504d0fd596a 100644
--- a/apps/login/middleware.ts
+++ b/apps/login/middleware.ts
@@ -12,6 +12,7 @@ export function middleware(request: NextRequest) {
   const requestHeaders = new Headers(request.headers);
   requestHeaders.set("x-zitadel-login-client", SERVICE_USER_ID);
 
+  // this is a workaround for the next.js server not forwarding the host header
   requestHeaders.set("x-zitadel-forwarded", `host="${request.nextUrl.host}"`);
 
   const responseHeaders = new Headers();