chore(release): bump version

packages/adapter-sequelize/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@next-auth/sequelize-adapter",
-  "version": "1.0.4",
+  "version": "1.0.3",
   "description": "Sequelize adapter for next-auth.",
   "homepage": "https://next-auth.js.org",
   "repository": "https://github.com/nextauthjs/adapters",
@@ -42,4 +42,4 @@
   "jest": {
     "preset": "@next-auth/adapter-test/jest"
   }
-}
+}

packages/next-auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "next-auth",
-  "version": "4.5.0",
+  "version": "4.4.0",
   "description": "Authentication for Next.js",
   "homepage": "https://next-auth.js.org",
   "repository": "https://github.com/nextauthjs/next-auth.git",
@@ -132,4 +132,4 @@
     "**/tests",
     "**/__tests__"
   ]
-}
+}

packages/next-auth/src/core/lib/assert.ts

@@ -21,11 +21,9 @@ type ConfigError =
 
 let twitterWarned = false
 
-function isValidHttpUrl(url: string, baseUrl: string) {
+function isValidHttpUrl(url: string) {
   try {
-    return /^https?:/.test(
-      new URL(url, url.startsWith("/") ? baseUrl : undefined).protocol
-    )
+    return /^https?:/.test(new URL(url).protocol)
   } catch {
     return false
   }
@@ -59,24 +57,23 @@ export function assertConfig(
 
   const callbackUrlParam = req.query?.callbackUrl as string | undefined
 
-  const url = parseUrl(req.host)
-
-  if (callbackUrlParam && !isValidHttpUrl(callbackUrlParam, url.base)) {
+  if (callbackUrlParam && !isValidHttpUrl(callbackUrlParam)) {
     return new InvalidCallbackUrl(
       `Invalid callback URL. Received: ${callbackUrlParam}`
     )
   }
 
-  // This is below the callbackUrlParam check because it would obscure the error
   if (!req.host) return "NEXTAUTH_URL"
 
+  const url = parseUrl(req.host)
+
   const { callbackUrl: defaultCallbackUrl } = defaultCookies(
     options.useSecureCookies ?? url.base.startsWith("https://")
   )
   const callbackUrlCookie =
     req.cookies?.[options.cookies?.callbackUrl?.name ?? defaultCallbackUrl.name]
 
-  if (callbackUrlCookie && !isValidHttpUrl(callbackUrlCookie, url.base)) {
+  if (callbackUrlCookie && !isValidHttpUrl(callbackUrlCookie)) {
     return new InvalidCallbackUrl(
       `Invalid callback URL. Received: ${callbackUrlCookie}`
     )