diff --git a/web/lib/auth.ts b/web/lib/auth.ts
index 1af6eb5..b534a52 100644
--- a/web/lib/auth.ts
+++ b/web/lib/auth.ts
@@ -125,13 +125,6 @@ export const authOptions = {
     strategy: 'jwt',
   },
   callbacks: {
-    async redirect({ url, baseUrl }) {
-      // Always return relative redirects (avoids needing NEXTAUTH_URL)
-      if (url.startsWith("/")) return `${baseUrl}${url}`;
-      // Ensure only safe redirects
-      if (new URL(url).origin === baseUrl) return url;
-      return baseUrl;
-    },
     async jwt({ token, user, trigger, session }) {
       if (trigger === 'update') {
         if (session.name !== token.name) {
diff --git a/web/lib/httpServerClient.ts b/web/lib/httpServerClient.ts
index d4c6177..7b26771 100644
--- a/web/lib/httpServerClient.ts
+++ b/web/lib/httpServerClient.ts
@@ -5,14 +5,27 @@ import { Session } from 'next-auth'
 
 // Create a base URL that works in Docker container network if running in a container
 // or falls back to the public URL if not in a container
-const getServerSideBaseUrl = () => {
-  // When running server-side in Docker, use the service name from docker-compose
+const getServerSideBaseUrl = (): string => {
+  
+  // Prefer explicit public API base URL if set
+  if (process.env.NEXT_PUBLIC_API_BASE_URL) {
+    return process.env.NEXT_PUBLIC_API_BASE_URL
+  }
+
+  // Detect Kubernetes environment
+  if (process.env.KUBERNETES_SERVICE_HOST) {
+    console.log("Detected Kubernetes environment")
+    return process.env.NEXT_PUBLIC_API_BASE_URL || ''
+  }
+
+  // Detect Docker container runtime
   if (process.env.CONTAINER_RUNTIME === 'docker') {
-    console.log('Running in Docker container')
+    console.log("Detected Docker container environment")
     return 'http://textbee-api:3001/api/v1'
   }
-  // Otherwise use the public URL
-  return process.env.NEXT_PUBLIC_API_BASE_URL || ''
+
+  // Fallback to empty string if nothing else matches
+  return ''
 }
 
 export const httpServerClient = axios.create({