diff --git a/routes/login.js b/routes/login.js
index 08bba246..6bebc755 100644
--- a/routes/login.js
+++ b/routes/login.js
@@ -36,7 +36,10 @@ router.route("/")
 .post(async (request, response) => {
 const userName = request.body.userName;
 const passwordPlain = request.body.password;
- const redirectURL = getSafeRedirectURL(request.body.redirect);
+ const unsafeRedirectURL = request.body.redirect;
+ const redirectURL = getSafeRedirectURL(typeof (unsafeRedirectURL) === "string" ?
+ unsafeRedirectURL :
+ "");
 const isAuthenticated = await authenticationFunctions.authenticate(userName, passwordPlain);
 let userObject;
 if (isAuthenticated) {
diff --git a/routes/login.ts b/routes/login.ts
index 91946999..6267a0d4 100644
--- a/routes/login.ts
+++ b/routes/login.ts
@@ -59,7 +59,11 @@ router.route("/")
 const userName = request.body.userName as string;
 const passwordPlain = request.body.password as string;
- const redirectURL = getSafeRedirectURL(request.body.redirect);
+ const unsafeRedirectURL = request.body.redirect;
+
+ const redirectURL = getSafeRedirectURL(typeof (unsafeRedirectURL) === "string" ?
+ unsafeRedirectURL :
+ "");
 const isAuthenticated = await authenticationFunctions.authenticate(userName, passwordPlain)
 let userObject: recordTypes.User;
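Review bot: In the routes/login.ts hunk, `userName` and `passwordPlain` still reach `authenticationFunctions.authenticate` guarded only by `as string`, which is erased at compile time, so the runtime `typeof` check this commit adds for `redirect` does not cover the two credential fields. Depending on the body parser configuration (not visible here), a request can deliver an array or object in those fields, and whether `authenticate` rejects non-string input cannot be seen from this hunk. I would apply the same pattern before the call, e.g. `const userName = typeof request.body.userName === "string" ? request.body.userName : "";` and likewise for `password`. The routes/login.js hunk, which appears to be the compiled counterpart, has the same two unguarded reads. The `.post` handler starts and ends outside both hunks.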