The default :login-uri is /login, which gets used in the "Location" header when generating redirects. Browsers may accept this, but it is not valid according to the HTTP spec, which requires an absolute URI.
Clients which expect an absolute URI in the "Location" header will fail in this case.
See this line in friend.clj
You're quite right. I had no idea that that required an absolute URI.
There's already a fn in friend to determine the complete URL corresponding to a ring request, so we have the raw materials we need. Would it seem suitable to resolve whatever is provided to :login-uri against the result of that function, and use that result as the value of Location?
Always send absolute URIs on redirects, fixes gh-42
Fixed based on what I mentioned last night. Will be in [com.cemerick/friend "0.1.3"] unless someone shrieks that I did something wrong. ;-)