diff --git a/packages/core/src/lib/utils/env.ts b/packages/core/src/lib/utils/env.ts
index 0422bb476e..fab73176ff 100644
--- a/packages/core/src/lib/utils/env.ts
+++ b/packages/core/src/lib/utils/env.ts
@@ -76,8 +76,9 @@ export function createActionURL(
     const detectedHost = headers.get("x-forwarded-host") ?? headers.get("host")
     const detectedProtocol =
       headers.get("x-forwarded-proto") ?? protocol ?? "https"
-
-    url = new URL(`${detectedProtocol}://${detectedHost}`)
+    const _protocol = detectedProtocol.endsWith(":") ? detectedProtocol : detectedProtocol + ':'
+    
+    url = new URL(`${_protocol}//${detectedHost}`)
   }
 
   // remove trailing slash
diff --git a/packages/core/test/env.test.ts b/packages/core/test/env.test.ts
index f55f843b9f..78a03c18ff 100644
--- a/packages/core/test/env.test.ts
+++ b/packages/core/test/env.test.ts
@@ -108,7 +108,7 @@ describe("config is inferred from environment variables", () => {
 })
 
 describe("createActionURL", () => {
-  const consoleWarnSpy = vi.spyOn(console, "warn").mockImplementation(() => { })
+  const consoleWarnSpy = vi.spyOn(console, "warn").mockImplementation(() => {})
 
   afterEach(() => {
     consoleWarnSpy.mockClear()
@@ -161,6 +161,56 @@ describe("createActionURL", () => {
       },
       expected: "https://example.com/auth/signin",
     },
+    {
+      args: {
+        action: "signin",
+        protocol: "http:",
+        headers: new Headers({
+          "x-forwarded-host": "example.com",
+        }),
+        env: {},
+        basePath: "/auth",
+      },
+      expected: "http://example.com/auth/signin",
+    },
+    {
+      args: {
+        action: "signin",
+        protocol: "https:",
+        headers: new Headers({
+          "x-forwarded-host": "example.com",
+        }),
+        env: {},
+        basePath: "/auth",
+      },
+      expected: "https://example.com/auth/signin",
+    },
+    {
+      args: {
+        action: "signin",
+        protocol: undefined,
+        headers: new Headers({
+          "x-forwarded-host": "example.com",
+          "x-forwarded-proto": "https",
+        }),
+        env: {},
+        basePath: "/auth",
+      },
+      expected: "https://example.com/auth/signin",
+    },
+    {
+      args: {
+        action: "signin",
+        protocol: undefined,
+        headers: new Headers({
+          "x-forwarded-host": "example.com",
+          "x-forwarded-proto": "http",
+        }),
+        env: {},
+        basePath: "/auth",
+      },
+      expected: "http://example.com/auth/signin",
+    },
     {
       args: {
         action: "signout",