diff --git a/CloudronManifest.json b/CloudronManifest.json
index 7812579..ea8598d 100644
--- a/CloudronManifest.json
+++ b/CloudronManifest.json
@@ -4,7 +4,7 @@
   "title": "Community Rule",
   "author": "MEDLab",
   "description": "Community governance and rule-building app",
-  "version": "0.1.6",
+  "version": "0.1.7",
   "httpPort": 3000,
   "healthCheckPath": "/api/health",
   "memoryLimit": 805306368,
diff --git a/app/api/auth/magic-link/verify/route.ts b/app/api/auth/magic-link/verify/route.ts
index d0f6c18..bcfdfe5 100644
--- a/app/api/auth/magic-link/verify/route.ts
+++ b/app/api/auth/magic-link/verify/route.ts
@@ -17,6 +17,7 @@ import {
   logRouteError,
 } from "../../../../../lib/server/requestId";
 import { safeInternalPath } from "../../../../../lib/safeInternalPath";
+import { getPublicOrigin } from "../../../../../lib/server/publicOrigin";
 
 const SCOPE = "auth.magicLink.verify";
 
@@ -100,7 +101,7 @@ function redirectWithRequestId(
   path: string,
   requestId: string,
 ): NextResponse {
-  const res = NextResponse.redirect(new URL(path, request.url));
+  const res = NextResponse.redirect(new URL(path, getPublicOrigin(request)));
   res.headers.set(REQUEST_ID_HEADER, requestId);
   return res;
 }
diff --git a/app/api/invites/rule-stakeholder/verify/route.ts b/app/api/invites/rule-stakeholder/verify/route.ts
index ed63b04..1f8ef10 100644
--- a/app/api/invites/rule-stakeholder/verify/route.ts
+++ b/app/api/invites/rule-stakeholder/verify/route.ts
@@ -16,6 +16,7 @@ import {
   getSessionUser,
   setSessionCookie,
 } from "../../../../../lib/server/session";
+import { getPublicOrigin } from "../../../../../lib/server/publicOrigin";
 
 const SCOPE = "invites.ruleStakeholder.verify";
 
@@ -116,7 +117,7 @@ function redirectWithRequestId(
   path: string,
   requestId: string,
 ): NextResponse {
-  const res = NextResponse.redirect(new URL(path, request.url));
+  const res = NextResponse.redirect(new URL(path, getPublicOrigin(request)));
   res.headers.set(REQUEST_ID_HEADER, requestId);
   return res;
 }
diff --git a/app/api/user/email-change/verify/route.ts b/app/api/user/email-change/verify/route.ts
index c40399b..4e6a08f 100644
--- a/app/api/user/email-change/verify/route.ts
+++ b/app/api/user/email-change/verify/route.ts
@@ -16,6 +16,7 @@ import {
   getOrCreateRequestId,
   logRouteError,
 } from "../../../../../lib/server/requestId";
+import { getPublicOrigin } from "../../../../../lib/server/publicOrigin";
 
 const SCOPE = "user.emailChange.verify";
 
@@ -166,7 +167,7 @@ function redirectWithRequestId(
   path: string,
   requestId: string,
 ): NextResponse {
-  const res = NextResponse.redirect(new URL(path, request.url));
+  const res = NextResponse.redirect(new URL(path, getPublicOrigin(request)));
   res.headers.set(REQUEST_ID_HEADER, requestId);
   return res;
 }