diff --git a/src/app/machines/handshake/route.ts b/src/app/machines/handshake/route.ts
index 7b94b97..c8e4192 100644
--- a/src/app/machines/handshake/route.ts
+++ b/src/app/machines/handshake/route.ts
@@ -38,9 +38,12 @@ export async function GET(request: NextRequest) {
 
   const redirectParam = request.nextUrl.searchParams.get("redirect") ?? "/"
   const forwardedProto = request.headers.get("x-forwarded-proto")
-  const forwardedHost = request.headers.get("x-forwarded-host") ?? request.headers.get("host")
-  const forwardedOrigin = forwardedProto && forwardedHost ? `${forwardedProto}://${forwardedHost}` : null
-  const baseOrigin = env.NEXT_PUBLIC_APP_URL ?? forwardedOrigin ?? request.nextUrl.origin
+  const hostHeader = request.headers.get("x-forwarded-host") ?? request.headers.get("host")
+  const schemeFromUrl = request.nextUrl.protocol.replace(/:$/, "") || undefined
+  const derivedOrigin = hostHeader
+    ? `${forwardedProto ?? schemeFromUrl ?? "https"}://${hostHeader}`
+    : null
+  const baseOrigin = env.NEXT_PUBLIC_APP_URL ?? derivedOrigin ?? request.nextUrl.origin
   const redirectUrl = new URL(redirectParam, baseOrigin)
 
   try {