From bfe072d10b99b4ca7f189a2dd04a6faf3e62ce6c Mon Sep 17 00:00:00 2001 From: Ethan Swan Date: Sun, 8 Feb 2026 14:37:29 -0600 Subject: [PATCH] Fix remaining request.url usages that redirect to 0.0.0.0 The previous fix missed the success redirect in the callback route (different closing paren pattern) and the middleware login redirect. Both now use APP_BASE_URL with fallback to request origin. Co-Authored-By: Claude Opus 4.6 --- app/oauth/callback/route.ts | 2 +- proxy.ts | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/app/oauth/callback/route.ts b/app/oauth/callback/route.ts index 2fcdd0a0..bb35ac76 100644 --- a/app/oauth/callback/route.ts +++ b/app/oauth/callback/route.ts @@ -164,7 +164,7 @@ export async function GET(request: NextRequest) { }); // Redirect to the return URL - return NextResponse.redirect(new URL(returnUrl, request.url)); + return NextResponse.redirect(new URL(returnUrl, baseUrl)); } catch (err) { logger.error("OAuth callback error", err as Error, { code: code ? "[present]" : "[missing]", diff --git a/proxy.ts b/proxy.ts index 8d9bafc2..a2826d88 100644 --- a/proxy.ts +++ b/proxy.ts @@ -33,7 +33,9 @@ export function proxy(request: NextRequest) { const token = request.cookies.get("token")?.value; if (!token) { - const loginUrl = new URL("/login", request.url); + // Use configured base URL when behind a reverse proxy, falling back to request origin for local dev. + const baseUrl = process.env.APP_BASE_URL ?? request.nextUrl.origin; + const loginUrl = new URL("/login", baseUrl); // Preserve the original URL for redirect after login (except for home page) if (pathname !== "/") { loginUrl.searchParams.set("redirect", encodeURIComponent(pathname));