diff --git a/app/Http/RequestHandlers/AddChildToFamilyAction.php b/app/Http/RequestHandlers/AddChildToFamilyAction.php
index e86c72a5ec2..564a0045327 100644
--- a/app/Http/RequestHandlers/AddChildToFamilyAction.php
+++ b/app/Http/RequestHandlers/AddChildToFamilyAction.php
@@ -20,8 +20,6 @@ namespace Fisharebest\Webtrees\Http\RequestHandlers;
 use Fisharebest\Webtrees\Auth;
-use Fisharebest\Webtrees\Date;
-use Fisharebest\Webtrees\Individual;
 use Fisharebest\Webtrees\Registry;
 use Fisharebest\Webtrees\Services\GedcomEditService;
 use Fisharebest\Webtrees\Tree;
@@ -79,6 +77,9 @@ public function handle(ServerRequestInterface $request): ResponseInterface
 // Link the child to the family
 $family->createFact('1 CHIL @' . $child->xref() . '@', false);
- return redirect($params['url'] ?? $child->url());
+ $base_url = $request->getAttribute('base_url');
+ $url = str_starts_with($params['url'], $base_url) ? $params['url'] : $child->url();
+
+ return redirect($url);
 }
 }
diff --git a/app/Http/RequestHandlers/AddChildToIndividualAction.php b/app/Http/RequestHandlers/AddChildToIndividualAction.php
index d1cc7eba08e..48e0c77b9aa 100644
--- a/app/Http/RequestHandlers/AddChildToIndividualAction.php
+++ b/app/Http/RequestHandlers/AddChildToIndividualAction.php
@@ -85,6 +85,9 @@ public function handle(ServerRequestInterface $request): ResponseInterface
 // Link the child to the family
 $child->createFact('1 FAMC @' . $family->xref() . '@', false);
- return redirect($params['url'] ?? $child->url());
+ $base_url = $request->getAttribute('base_url');
+ $url = str_starts_with($params['url'], $base_url) ? $params['url'] : $child->url();
+
+ return redirect($url);
 }
 }
diff --git a/app/Http/RequestHandlers/AddParentToIndividualAction.php b/app/Http/RequestHandlers/AddParentToIndividualAction.php
index 527ef37166b..0b7ecdd0fb4 100644
--- a/app/Http/RequestHandlers/AddParentToIndividualAction.php
+++ b/app/Http/RequestHandlers/AddParentToIndividualAction.php
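Review bot: The added `$url = str_starts_with($params['url'], ...)` line reads `$params['url']` without the `??` default that the removed line had, so a POST that omits `url` now raises an undefined-array-key warning and passes `null` to `str_starts_with()`, which is a `TypeError` if this file declares `strict_types=1` (the file header is outside the hunk). Read the parameter once with a default and test that: `$url = $params['url'] ?? '';` then `$url = str_starts_with($url, $base_url) ? $url : $child->url();`. Every handler in this commit repeats the same pattern, so the same guard is needed in each. The enclosing `handle()` starts outside the hunk.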
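Review bot: The three added lines in AddChildToIndividualAction are the same three lines pasted into ten handlers by this commit, so the redirect policy now lives in ten places and will drift (the ContactAction hunk already differs by not assigning `$base_url` itself). A single shared helper taking the request, the candidate URL and the fallback URL, called as one line from each handler, would keep the rule in one place and let any later hardening of the prefix test land once. If the project's `redirect()` helper can see the request, that would be the natural home; otherwise a small private method on a common base class. The enclosing `handle()` starts outside the hunk.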
@@ -85,6 +85,9 @@ public function handle(ServerRequestInterface $request): ResponseInterface
 // Link the parent to the family
 $parent->createFact('1 FAMS @' . $family->xref() . '@', false);
- return redirect($params['url'] ?? $parent->url());
+ $base_url = $request->getAttribute('base_url');
+ $url = str_starts_with($params['url'], $base_url) ? $params['url'] : $parent->url();
+
+ return redirect($url);
 }
 }
diff --git a/app/Http/RequestHandlers/AddSpouseToFamilyAction.php b/app/Http/RequestHandlers/AddSpouseToFamilyAction.php
index e0de3029c77..80755cb653d 100644
--- a/app/Http/RequestHandlers/AddSpouseToFamilyAction.php
+++ b/app/Http/RequestHandlers/AddSpouseToFamilyAction.php
@@ -94,6 +94,9 @@ public function handle(ServerRequestInterface $request): ResponseInterface
 // Link the spouse to the family
 $family->createFact('1 ' . $link . ' @' . $spouse->xref() . '@', false);
- return redirect($params['url'] ?? $spouse->url());
+ $base_url = $request->getAttribute('base_url');
+ $url = str_starts_with($params['url'], $base_url) ? $params['url'] : $spouse->url();
+
+ return redirect($url);
 }
 }
diff --git a/app/Http/RequestHandlers/AddSpouseToIndividualAction.php b/app/Http/RequestHandlers/AddSpouseToIndividualAction.php
index 705b72834d2..e9e2547f1e1 100644
--- a/app/Http/RequestHandlers/AddSpouseToIndividualAction.php
+++ b/app/Http/RequestHandlers/AddSpouseToIndividualAction.php
@@ -88,6 +88,9 @@ public function handle(ServerRequestInterface $request): ResponseInterface
 // Link the spouse to the family
 $spouse->createFact('1 FAMS @' . $family->xref() . '@', false);
- return redirect($params['url'] ?? $spouse->url());
+ $base_url = $request->getAttribute('base_url');
+ $url = str_starts_with($params['url'], $base_url) ? $params['url'] : $spouse->url();
+
+ return redirect($url);
 }
 }
diff --git a/app/Http/RequestHandlers/AddUnlinkedAction.php b/app/Http/RequestHandlers/AddUnlinkedAction.php
index b45a0fa4cfd..81e7949cc84 100644
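Review bot: In AddParentToIndividualAction the value passed to `str_starts_with()` comes straight from the parsed body and is not guaranteed to be a string: a client that submits `url[]=x` makes `$params['url']` an array, and the call then throws a `TypeError` instead of falling back to `$parent->url()`. Guard the type together with presence: `$url = $params['url'] ?? null;` followed by `$url = is_string($url) && str_starts_with($url, $base_url) ? $url : $parent->url();`. The same applies to the two AddSpouse hunks below, which are otherwise identical. The enclosing `handle()` starts outside the hunk.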
--- a/app/Http/RequestHandlers/AddUnlinkedAction.php
+++ b/app/Http/RequestHandlers/AddUnlinkedAction.php
@@ -65,6 +65,9 @@ public function handle(ServerRequestInterface $request): ResponseInterface
 $individual = $tree->createIndividual("0 @@ INDI\n" . $gedcom);
- return redirect($params['url'] ?? $individual->url());
+ $base_url = $request->getAttribute('base_url');
+ $url = str_starts_with($params['url'], $base_url) ? $params['url'] : $individual->url();
+
+ return redirect($url);
 }
 }
diff --git a/app/Http/RequestHandlers/ContactAction.php b/app/Http/RequestHandlers/ContactAction.php
index 5cb6548541c..5a88657c03e 100644
--- a/app/Http/RequestHandlers/ContactAction.php
+++ b/app/Http/RequestHandlers/ContactAction.php
@@ -142,7 +142,7 @@ public function handle(ServerRequestInterface $request): ResponseInterface
 if ($this->message_service->deliverMessage($sender, $to_user, $subject, $body, $url, $ip)) {
 FlashMessages::addMessage(I18N::translate('The message was successfully sent to %s.', e($to_user->realName())), 'success');
- $url = $url ?: route(TreePage::class, ['tree' => $tree->name()]);
+ $url = str_starts_with($url, $base_url) ? $url : route(TreePage::class, ['tree' => $tree->name()]);
 return redirect($url);
 }
diff --git a/app/Http/RequestHandlers/EditFactAction.php b/app/Http/RequestHandlers/EditFactAction.php
index 18696fc0887..b31713a4ef3 100644
--- a/app/Http/RequestHandlers/EditFactAction.php
+++ b/app/Http/RequestHandlers/EditFactAction.php
@@ -114,6 +114,9 @@ public function handle(ServerRequestInterface $request): ResponseInterface
 }
 }
- return redirect($params['url'] ?? $record->url());
+ $base_url = $request->getAttribute('base_url');
+ $url = str_starts_with($params['url'], $base_url) ? $params['url'] : $record->url();
+
+ return redirect($url);
 }
 }
diff --git a/app/Http/RequestHandlers/EditRawFactAction.php b/app/Http/RequestHandlers/EditRawFactAction.php
index ab533a5e41a..7f86ff8c527 100644
--- a/app/Http/RequestHandlers/EditRawFactAction.php
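Review bot: In ContactAction the unvalidated `$url` is still passed to `deliverMessage()` on the first line of the hunk, before the new `str_starts_with` check runs, so an external URL can still be embedded in the message delivered to `$to_user`; only the redirect afterwards is protected. Move the check above the `if`, e.g. `$url = str_starts_with($url, $base_url) ? $url : '';` before the call, so both the message and the redirect see the same vetted value, and keep the route fallback for the redirect. Unlike the other handlers in this commit, this hunk does not assign `$base_url`; presumably it is set earlier in `handle()`, outside the hunk, but if it is not, the variable is `null` here and `str_starts_with()` will throw under strict types. `handle()` starts and ends outside the hunk.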
+++ b/app/Http/RequestHandlers/EditRawFactAction.php
@@ -72,6 +72,9 @@ public function handle(ServerRequestInterface $request): ResponseInterface
 }
 }
- return redirect($params['url'] ?? $record->url());
+ $base_url = $request->getAttribute('base_url');
+ $url = str_starts_with($params['url'], $base_url) ? $params['url'] : $record->url();
+
+ return redirect($url);
 }
 }
diff --git a/app/Http/RequestHandlers/EmptyClipboard.php b/app/Http/RequestHandlers/EmptyClipboard.php
index 4c3e117997d..4f50ae1c44b 100644
--- a/app/Http/RequestHandlers/EmptyClipboard.php
+++ b/app/Http/RequestHandlers/EmptyClipboard.php
@@ -59,10 +59,11 @@ public function handle(ServerRequestInterface $request): ResponseInterface
 {
 $params = (array) $request->getParsedBody();
- $url = $params['url'] ?? $request->getHeaderLine('Referer');
-
 $this->clipboard_service->emptyClipboard();
+ $base_url = $request->getAttribute('base_url');
+ $url = str_starts_with($params['url'], $base_url) ? $params['url'] : $request->getHeaderLine('Referer');
+
 return redirect($url);
 }
 }
diff --git a/app/Http/RequestHandlers/LoginAction.php b/app/Http/RequestHandlers/LoginAction.php
index fb4d823bdf1..a3a95412109 100644
--- a/app/Http/RequestHandlers/LoginAction.php
+++ b/app/Http/RequestHandlers/LoginAction.php
@@ -82,7 +82,8 @@ public function handle(ServerRequestInterface $request): ResponseInterface
 }
 // Redirect to the target URL
- $url = $url ?: route(HomePage::class);
+ $base_url = $request->getAttribute('base_url');
+ $url = str_starts_with($url, $base_url) ? $url : route(HomePage::class);
 return redirect($url);
 } catch (Exception $ex) {
diff --git a/app/Http/RequestHandlers/MessageAction.php b/app/Http/RequestHandlers/MessageAction.php
index b7e79c43f9e..6954125aaf9 100644
--- a/app/Http/RequestHandlers/MessageAction.php
+++ b/app/Http/RequestHandlers/MessageAction.php
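Review bot: In EmptyClipboard the fallback when the `url` check fails is `$request->getHeaderLine('Referer')`, which is request-supplied and gets no `base_url` check at all, so the redirect target is still chosen by the client on that path, and a missing header yields `redirect('')`. Apply the same test to the fallback and end at a fixed location: `$referer = $request->getHeaderLine('Referer');` then `$url = str_starts_with($referer, $base_url) ? $referer : $base_url;` for the case where `$params['url']` does not pass. `$params['url']` here also lost its `??` default, so an absent field now warns and passes `null` to `str_starts_with()`.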
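Review bot: In LoginAction `str_starts_with($url, $base_url)` tests a string prefix rather than an origin, so unless `$base_url` is guaranteed to end in `/`, both `https://example.org.attacker.net/` and `https://example.org@attacker.net/` pass for a `$base_url` of `https://example.org`, and the post-login redirect is the target an attacker most wants to control. Compare against `rtrim($base_url, '/') . '/'` instead, or `parse_url()` both values and require scheme and host to match. How the `base_url` attribute is built is outside this diff, so confirm its trailing-slash form before relying on the plain prefix test. `$url` is assigned earlier in `handle()`, outside the hunk.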
@@ -95,7 +95,8 @@ public function handle(ServerRequestInterface $request): ResponseInterface
 if ($this->message_service->deliverMessage($user, $to_user, $subject, $body, $url, $ip)) {
 FlashMessages::addMessage(I18N::translate('The message was successfully sent to %s.', e($to_user->realName())), 'success');
- $url = $url ?: route(TreePage::class, ['tree' => $tree->name()]);
+ $base_url = $request->getAttribute('base_url');
+ $url = str_starts_with($url, $base_url) ? $url : route(TreePage::class, ['tree' => $tree->name()]);
 return redirect($url);
 }
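Review bot: `$url` reaches `deliverMessage()` on the first line of the hunk before the new prefix check runs, so the unvetted value is still delivered inside the message to `$to_user`; the added lines only protect the redirect that follows. Hoist the two added lines above the `if` and clear the value when it fails, `$url = str_starts_with($url, $base_url) ? $url : '';`, then keep the `route(TreePage::class, ...)` fallback for the redirect. `handle()` starts and ends outside the hunk.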