diff --git a/horizon/workflows/views.py b/horizon/workflows/views.py
index 55c642ac4b..365de3f0f3 100644
--- a/horizon/workflows/views.py
+++ b/horizon/workflows/views.py
@@ -94,9 +94,10 @@ class WorkflowView(hz_views.ModalBackdropMixin, generic.TemplateView):
 redirect_to = self.request.GET.get(workflow.redirect_param_name)
 # Make sure the requested redirect is safe
- if redirect_to and not utils_http.is_safe_url(
- url=redirect_to,
- allowed_hosts=[self.request.get_host()]):
+ if (redirect_to and
+ not utils_http.url_has_allowed_host_and_scheme(
+ url=redirect_to,
+ allowed_hosts=[self.request.get_host()])):
 redirect_to = None
 context['REDIRECT_URL'] = redirect_to
diff --git a/openstack_auth/views.py b/openstack_auth/views.py
index 4e6cbf5702..a342478744 100644
--- a/openstack_auth/views.py
+++ b/openstack_auth/views.py
@@ -285,8 +285,9 @@ def switch(request, tenant_id, redirect_field_name=auth.REDIRECT_FIELD_NAME):
 # Ensure the user-originating redirection url is safe.
 # Taken from django.contrib.auth.views.login()
 redirect_to = request.GET.get(redirect_field_name, '')
- if not http.is_safe_url(url=redirect_to,
- allowed_hosts=[request.get_host()]):
+ if (not http.url_has_allowed_host_and_scheme(
+ url=redirect_to,
+ allowed_hosts=[request.get_host()])):
 redirect_to = settings.LOGIN_REDIRECT_URL
 if auth_ref:
@@ -320,8 +321,9 @@ def switch_region(request, region_name,
 region_name, request.user.username)
 redirect_to = request.GET.get(redirect_field_name, '')
- if not http.is_safe_url(url=redirect_to,
- allowed_hosts=[request.get_host()]):
+ if (not http.url_has_allowed_host_and_scheme(
+ url=redirect_to,
+ allowed_hosts=[request.get_host()])):
 redirect_to = settings.LOGIN_REDIRECT_URL
 response = shortcuts.redirect(redirect_to)
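Review bot: The redirect check in WorkflowView (horizon/workflows/views.py) calls `utils_http.url_has_allowed_host_and_scheme(...)` without `require_https`, so on a deployment served over HTTPS a same-host `http://` value in the redirect parameter still passes and ends up in `context['REDIRECT_URL']`. Django's own login view passes the request's security state for this reason; adding `require_https=self.request.is_secure()` to the call would reject scheme downgrades. The same keyword is missing from the three calls in openstack_auth/views.py (switch, switch_region, switch_keystone_provider), where it would be `require_https=request.is_secure()`. If the deployment terminates TLS at a proxy, `is_secure()` only reflects that when the proxy header setting is configured, which is not visible here. The enclosing method starts and ends outside the hunk.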
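Review bot: The comment `# Taken from django.contrib.auth.views.login()` above the check in switch() (openstack_auth/views.py) is stale, because the function-based login view it cites was removed from Django before `url_has_allowed_host_and_scheme` was introduced. Suggest rewording it to something like `# Same kind of check Django's LoginView applies to its redirect target.` so the reference points at code a reader can still find. The outer parentheses added around the condition here (and in switch_region and switch_keystone_provider) also look redundant, since the call's own parentheses already carry the line continuation. switch() continues outside the hunk.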
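Review bot: The validate-or-fall-back lines in switch_region are repeated verbatim in switch and switch_keystone_provider in this file, and the patch has to edit each copy separately. Suggest moving them into one private helper in openstack_auth/views.py that takes the request and the redirect field name and returns either the validated URL or `settings.LOGIN_REDIRECT_URL`. A later tightening of the check then cannot land in one view and be missed in another. switch_region's body starts and ends outside the hunk.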
@@ -351,8 +353,9 @@ def switch_keystone_provider(request, keystone_provider=None,
 raise exceptions.KeystoneAuthException(msg)
 redirect_to = request.GET.get(redirect_field_name, '')
- if not http.is_safe_url(url=redirect_to,
- allowed_hosts=[request.get_host()]):
+ if (not http.url_has_allowed_host_and_scheme(
+ url=redirect_to,
+ allowed_hosts=[request.get_host()])):
 redirect_to = settings.LOGIN_REDIRECT_URL
 unscoped_auth_ref = None