diff --git a/packages/next-auth/package.json b/packages/next-auth/package.json
index 7d22281052..08df9acf0d 100644
--- a/packages/next-auth/package.json
+++ b/packages/next-auth/package.json
@@ -1,6 +1,6 @@
 {
 "name": "next-auth",
- "version": "4.24.11",
+ "version": "4.25.0",
 "description": "Authentication for Next.js",
 "homepage": "https://authjs.dev",
 "repository": "https://github.com/nextauthjs/next-auth.git",
diff --git a/packages/next-auth/src/core/index.ts b/packages/next-auth/src/core/index.ts
index 9d16f057ea..939b718450 100644
--- a/packages/next-auth/src/core/index.ts
+++ b/packages/next-auth/src/core/index.ts
@@ -70,17 +70,24 @@ async function toInternalRequest(
 cookies: parseCookie(req.headers.get("cookie") ?? ""),
 providerId: nextauth[1],
 error: url.searchParams.get("error") ?? nextauth[1],
- origin: detectOrigin(
- headers["x-forwarded-host"] ?? headers.host,
- headers["x-forwarded-proto"]
- ),
+ origin: headers?.host
+ ? `${url.protocol}//${headers.host}`
+ : detectOrigin(
+ headers["x-forwarded-host"] ?? headers.host,
+ headers["x-forwarded-proto"]
+ ),
 query,
 }
 }

 const { headers } = req
 const host = headers?.["x-forwarded-host"] ?? headers?.host
- req.origin = detectOrigin(host, headers?.["x-forwarded-proto"])
+
+ req.origin = host
+ ? (process.env.NEXTAUTH_URL?.startsWith("https://") ?? !!process.env.VERCEL
+ ? "https://"
+ : "http://") + host
+ : detectOrigin(host, headers?.["x-forwarded-proto"])
 return req
 }

diff --git a/packages/next-auth/src/react/index.tsx b/packages/next-auth/src/react/index.tsx
index e0308c5c98..ad877ff032 100644
--- a/packages/next-auth/src/react/index.tsx
+++ b/packages/next-auth/src/react/index.tsx
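Review bot: In `toInternalRequest`, both new `origin` expressions build the origin directly from the request's `host` / `x-forwarded-host` header whenever one is present, so `detectOrigin(...)` is reached only when there is no host at all (and in the second branch is then only ever called with an undefined `host`). Those headers are set by the client unless a proxy in front overwrites them, and `origin` is presumably what the library builds its callback and sign-in URLs from, so whatever trust decision `detectOrigin` makes (its body is outside this diff) is skipped on the normal path. I would check the header against configuration before using it, e.g. `if (host && !allowedHosts.includes(host)) throw new Error("Untrusted host header")` with `allowedHosts` (placeholder name) derived from `NEXTAUTH_URL`, or keep `detectOrigin` as the single decision point and put the new behaviour inside it. The scheme now comes from `url.protocol` or from `NEXTAUTH_URL`/`VERCEL` and no longer from `x-forwarded-proto`, which behind a TLS-terminating proxy without `NEXTAUTH_URL` appears to yield `http://`. The function body starts above the hunk.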
@@ -47,7 +47,11 @@ export * from "./types"
 // 2. When invoked server side the value is picked up from an environment
 // variable and defaults to 'http://localhost:3000'.
 const __NEXTAUTH: AuthClientConfig = {
- baseUrl: parseUrl(process.env.NEXTAUTH_URL ?? process.env.VERCEL_URL).origin,
+ baseUrl: parseUrl(
+ typeof window === "undefined"
+ ? process.env.NEXTAUTH_URL ?? process.env.VERCEL_URL
+ : window.origin
+ ).origin,
 basePath: parseUrl(process.env.NEXTAUTH_URL).path,
 baseUrlServer: parseUrl(
 process.env.NEXTAUTH_URL_INTERNAL ??
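Review bot: On the browser branch of `baseUrl`, `window.origin` is the environment's serialized origin and evaluates to the string `"null"` in opaque-origin contexts such as a sandboxed iframe; that value would then be handed to `parseUrl`, which is defined outside this diff, so how it treats it cannot be confirmed here. `: window.location.origin` reads the page URL's origin and is the safer choice. `basePath` on the following line still comes from `process.env.NEXTAUTH_URL` in the browser, so `baseUrl` and `basePath` can now come from different sources. The visible part of the comment above the object describes only the environment-variable case and should gain a line such as `// In the browser, baseUrl is taken from the page origin rather than NEXTAUTH_URL.`. The object literal continues past the end of the hunk.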