diff --git a/cypress/integration/login.js b/cypress/integration/login.js
index 904b9e0721..b3227fa3ba 100644
--- a/cypress/integration/login.js
+++ b/cypress/integration/login.js
@@ -38,4 +38,21 @@ context('Login', () => {
 cy.location('pathname').should('eq', '/desk');
 cy.window().its('frappe.session.user').should('eq', 'Administrator');
 });
+
+ it('check redirect after login', () => {
+ const payload = new URLSearchParams({
+ uuid: '6fed1519-cfd8-4a2d-84a6-9a1799c7c741',
+ encoded_string: 'hello all',
+ encoded_url: 'http://test.localhost/callback',
+ base64_string: 'aGVsbG8gYWxs'
+ });
+
+ cy.request('/api/method/logout');
+ cy.visit('/login?redirect-to=/me?' + encodeURIComponent(payload.toString()));
+ cy.get('#login_email').type('Administrator');
+ cy.get('#login_password').type(Cypress.config('adminPassword'));
+
+ cy.get('.btn-login').click();
+ cy.url().should('include', '/me?' + payload.toString());
+ });
 });
diff --git a/frappe/public/js/frappe/utils/common.js b/frappe/public/js/frappe/utils/common.js
index 1cdabf23e0..9ff4ade761 100644
--- a/frappe/public/js/frappe/utils/common.js
+++ b/frappe/public/js/frappe/utils/common.js
@@ -276,7 +276,7 @@ frappe.utils.sanitise_redirect = (url) => {
 // check for base domain only if the url is absolute
 // return true for relative url (except protocol-relative urls)
- return is_absolute(url) ? domain(location.href) !== domain(url) : true;
+ return is_absolute(url) ? domain(location.href) !== domain(url) : false;
 }
 })();
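Review bot: The new `it('check redirect after login', ...)` case only proves that an allowed same-site target survives login; nothing in it exercises the rejection path that `sanitise_redirect` exists for. I would add a sibling case with the same login steps but an off-site target, e.g. `cy.visit('/login?redirect-to=' + encodeURIComponent('//example.invalid/me'));` (placeholder host). It would end in `cy.location('pathname').should('eq', '/desk');`, assuming a rejected target falls back to the landing page the earlier test asserts. Without that case, a later change that loosens the external-URL check would still pass this suite. The enclosing `context('Login', ...)` block starts outside the hunk.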
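Review bot: The comment directly above the changed `return` still says "return true for relative url", but the new code returns `false` for them, so the comment now contradicts the code and invites a revert. I would reword it to something like `// relative urls stay on this site, so they are not external (protocol-relative urls are handled as absolute)`. With this change `is_absolute` becomes the only gate for off-site targets, and its definition and `domain` are outside the hunk, so it is worth confirming they classify every form the browser would resolve to another origin. A parser-based check such as `new URL(url, location.origin).origin !== location.origin` would follow the browser's own resolution rather than a hand-written pattern.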