From a1799715c6c0bcf07f7c398752f2a6e72834cae1 Mon Sep 17 00:00:00 2001
From: DMleadgen
Date: Thu, 16 Apr 2026 11:14:15 -0600
Subject: [PATCH] fix: prefer public origin for admin auth redirects
---
 app/api/admin/auth/login/route.ts | 15 +++++++++++++++
 app/api/admin/auth/logout/route.ts | 15 +++++++++++++++
 2 files changed, 30 insertions(+)
diff --git a/app/api/admin/auth/login/route.ts b/app/api/admin/auth/login/route.ts
index fb9c0b1b..e9293e80 100644
--- a/app/api/admin/auth/login/route.ts
+++ b/app/api/admin/auth/login/route.ts
@@ -43,6 +43,21 @@ export async function POST(request: Request) {
 async function getPublicOrigin(request: Request) {
 const headerStore = await headers()
+ const origin = headerStore.get("origin")
+ if (origin) {
+ return origin
+ }
+
+ const referer = headerStore.get("referer")
+ if (referer) {
+ return new URL(referer).origin
+ }
+
+ const siteUrl = process.env.NEXT_PUBLIC_SITE_URL
+ if (siteUrl) {
+ return siteUrl
+ }
+
 const forwardedProto = headerStore.get("x-forwarded-proto")
 const forwardedHost = headerStore.get("x-forwarded-host")
 const host = forwardedHost || headerStore.get("host")
diff --git a/app/api/admin/auth/logout/route.ts b/app/api/admin/auth/logout/route.ts
index ba8a9cea..8dc20f4e 100644
--- a/app/api/admin/auth/logout/route.ts
+++ b/app/api/admin/auth/logout/route.ts
@@ -26,6 +26,21 @@ export async function POST(request: Request) {
 async function getPublicOrigin(request: Request) {
 const headerStore = await headers()
+ const origin = headerStore.get("origin")
+ if (origin) {
+ return origin
+ }
+
+ const referer = headerStore.get("referer")
+ if (referer) {
+ return new URL(referer).origin
+ }
+
+ const siteUrl = process.env.NEXT_PUBLIC_SITE_URL
+ if (siteUrl) {
+ return siteUrl
+ }
+
 const forwardedProto = headerStore.get("x-forwarded-proto")
 const forwardedHost = headerStore.get("x-forwarded-host")
 const host = forwardedHost || headerStore.get("host")
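Review bot: The branches added at the top of getPublicOrigin return the request's `Origin` and `Referer` headers before anything the operator controls, so whichever page submitted the POST decides the origin; if the returned value is the base of the post-login redirect, as the commit subject suggests, a cross-site form post would be sent off-site afterwards. `NEXT_PUBLIC_SITE_URL` should be consulted first and normalised to an origin, and the two headers accepted only when they name the host the request was addressed to. Two smaller problems sit in the same lines: `new URL(referer)` throws on a malformed value, and `Origin` can be the literal string `null`, which is truthy and is returned as-is. The identical lines added to app/api/admin/auth/logout/route.ts need the same change, and the function continues below the hunk, so how the existing `x-forwarded-*` fallback is trusted is not visible here.

```typescript
async function getPublicOrigin(request: Request) {
  const headerStore = await headers()
  // Operator-set value first: the request cannot influence it.
  const siteUrl = process.env.NEXT_PUBLIC_SITE_URL
  if (siteUrl) {
    return new URL(siteUrl).origin
  }

  // Origin/Referer are client-supplied: accept one only when it parses and
  // names the host this request was addressed to.
  const requestHost = headerStore.get("x-forwarded-host") || headerStore.get("host")
  for (const candidate of [headerStore.get("origin"), headerStore.get("referer")]) {
    if (!candidate) continue
    try {
      const parsed = new URL(candidate)
      if (parsed.host === requestHost) {
        return parsed.origin
      }
    } catch {
      // Malformed header or the literal "null": fall through to the next source.
    }
  }

  // … unchanged: x-forwarded-proto / x-forwarded-host fallback …
```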
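Review bot: getPublicOrigin now exists as two identical copies, here in logout/route.ts and in app/api/admin/auth/login/route.ts, so a later tightening of the origin checks can easily reach one route and miss the other. Moving the helper into a single shared module that both route files import would keep the redirect-origin policy in one place. A short comment above it, for example `// Sources are tried in order of trust; request headers are client-controlled`, would record why the order matters. The function continues past the end of the hunk.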