From 7005c92fde856ba87adb05e637ac13c5b95c2b71 Mon Sep 17 00:00:00 2001
From: panteliselef <panteliselef@outlook.com>
Date: Tue, 21 Jan 2025 18:30:34 +0200
Subject: [PATCH 1/4] chore(nextjs): Append `return_url` when logging the
 claimUrl for on Keyless

---
 .changeset/wet-donuts-tap.md                          |  5 +++++
 .../nextjs/src/app-router/server/ClerkProvider.tsx    | 11 ++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 .changeset/wet-donuts-tap.md

diff --git a/.changeset/wet-donuts-tap.md b/.changeset/wet-donuts-tap.md
new file mode 100644
index 00000000000..db93e40aba7
--- /dev/null
+++ b/.changeset/wet-donuts-tap.md
@@ -0,0 +1,5 @@
+---
+'@clerk/nextjs': patch
+---
+
+Append `return_url` when logging the claimUrl for on Keyless.
diff --git a/packages/nextjs/src/app-router/server/ClerkProvider.tsx b/packages/nextjs/src/app-router/server/ClerkProvider.tsx
index ff59c754fea..0130498bdfc 100644
--- a/packages/nextjs/src/app-router/server/ClerkProvider.tsx
+++ b/packages/nextjs/src/app-router/server/ClerkProvider.tsx
@@ -111,12 +111,21 @@ export async function ClerkProvider(
       } else {
         const KeylessCookieSync = await import('../client/keyless-cookie-sync.js').then(mod => mod.KeylessCookieSync);
 
+        /**
+         * Allow developer to return to local application after claiming
+         */
+        const referer = (await headers()).get('referer');
+        const claimUrl = new URL(newOrReadKeys.claimUrl);
+        if (referer) {
+          claimUrl.searchParams.set('return_url', referer);
+        }
+
         /**
          * Notify developers.
          */
         keylessLogger?.log({
           cacheKey: newOrReadKeys.publishableKey,
-          msg: createKeylessModeMessage(newOrReadKeys),
+          msg: createKeylessModeMessage({ ...newOrReadKeys, claimUrl: claimUrl.href }),
         });
 
         output = <KeylessCookieSync {...newOrReadKeys}>{clientProvider}</KeylessCookieSync>;

From 0565e55d58bdb96c90feba1471f6516e58eca0b9 Mon Sep 17 00:00:00 2001
From: panteliselef <panteliselef@outlook.com>
Date: Wed, 22 Jan 2025 10:42:53 +0200
Subject: [PATCH 2/4] replace referer with x-forward-host

---
 .../src/app-router/server/ClerkProvider.tsx     | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/packages/nextjs/src/app-router/server/ClerkProvider.tsx b/packages/nextjs/src/app-router/server/ClerkProvider.tsx
index 0130498bdfc..0808a97d85e 100644
--- a/packages/nextjs/src/app-router/server/ClerkProvider.tsx
+++ b/packages/nextjs/src/app-router/server/ClerkProvider.tsx
@@ -24,6 +24,14 @@ const getNonceFromCSPHeader = React.cache(async function getNonceFromCSPHeader()
   return getScriptNonceFromHeader((await headers()).get('Content-Security-Policy') || '') || '';
 });
 
+const onlyTry = (cb: () => unknown) => {
+  try {
+    cb();
+  } catch (e) {
+    // ingore
+  }
+};
+
 export async function ClerkProvider(
   props: Without<NextClerkProviderProps, '__unstable_invokeMiddlewareOnAuthStateChange'>,
 ) {
@@ -111,13 +119,16 @@ export async function ClerkProvider(
       } else {
         const KeylessCookieSync = await import('../client/keyless-cookie-sync.js').then(mod => mod.KeylessCookieSync);
 
+        const headerStore = await headers();
         /**
          * Allow developer to return to local application after claiming
          */
-        const referer = (await headers()).get('referer');
+        const host = headerStore.get('x-forwarded-host');
+        const proto = headerStore.get('x-forwarded-proto');
+
         const claimUrl = new URL(newOrReadKeys.claimUrl);
-        if (referer) {
-          claimUrl.searchParams.set('return_url', referer);
+        if (host && proto) {
+          onlyTry(() => claimUrl.searchParams.set('return_url', new URL(`${proto}://${host}`).href));
         }
 
         /**

From 0a5fd2497ae4b7191d7c50a2353502c823874c27 Mon Sep 17 00:00:00 2001
From: panteliselef <panteliselef@outlook.com>
Date: Wed, 22 Jan 2025 17:55:33 +0200
Subject: [PATCH 3/4] Update
 packages/nextjs/src/app-router/server/ClerkProvider.tsx

Co-authored-by: Tom Milewski <me@tm.codes>
---
 packages/nextjs/src/app-router/server/ClerkProvider.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/nextjs/src/app-router/server/ClerkProvider.tsx b/packages/nextjs/src/app-router/server/ClerkProvider.tsx
index 0808a97d85e..8b55d434396 100644
--- a/packages/nextjs/src/app-router/server/ClerkProvider.tsx
+++ b/packages/nextjs/src/app-router/server/ClerkProvider.tsx
@@ -28,7 +28,7 @@ const onlyTry = (cb: () => unknown) => {
   try {
     cb();
   } catch (e) {
-    // ingore
+    // ignore
   }
 };
 

From 287594d639b16330d5a9be7fff94564d203ff258 Mon Sep 17 00:00:00 2001
From: panteliselef <panteliselef@outlook.com>
Date: Wed, 22 Jan 2025 17:56:02 +0200
Subject: [PATCH 4/4] Update
 packages/nextjs/src/app-router/server/ClerkProvider.tsx

Co-authored-by: Tom Milewski <me@tm.codes>
---
 packages/nextjs/src/app-router/server/ClerkProvider.tsx | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/nextjs/src/app-router/server/ClerkProvider.tsx b/packages/nextjs/src/app-router/server/ClerkProvider.tsx
index 8b55d434396..7748f06fa6a 100644
--- a/packages/nextjs/src/app-router/server/ClerkProvider.tsx
+++ b/packages/nextjs/src/app-router/server/ClerkProvider.tsx
@@ -24,6 +24,7 @@ const getNonceFromCSPHeader = React.cache(async function getNonceFromCSPHeader()
   return getScriptNonceFromHeader((await headers()).get('Content-Security-Policy') || '') || '';
 });
 
+/** Discards errors thrown by attempted code */
 const onlyTry = (cb: () => unknown) => {
   try {
     cb();