diff --git a/login_provider/app.py b/login_provider/app.py
index 3b9bd55dd039baf76c53c76f94bb82a32c5439c9..ce92fa6990a4b17d0769f3378c0ac7f7ed39f2dd 100644
--- a/login_provider/app.py
+++ b/login_provider/app.py
@@ -42,7 +42,7 @@ def login():
             login_user(user)
         next_url = login_form.next_url.data
         if not is_safe_url(next_url):
-            return abort(400)
+            return redirect(url_for('home'))
         return redirect(next_url or url_for('home'))
     login_form.next_url.data = request.args.get('next')
     return render_template('login.html', login_form=login_form)