diff --git a/docs/docs/configuration/callbacks.md b/docs/docs/configuration/callbacks.md
index d499dcfde7..f3698e6d54 100644
--- a/docs/docs/configuration/callbacks.md
+++ b/docs/docs/configuration/callbacks.md
@@ -88,9 +88,10 @@ The default redirect callback looks like this:
 ...
 callbacks: {
   async redirect({ url, baseUrl }) {
-    if (url.startsWith(baseUrl)) return url
     // Allows relative callback URLs
-    else if (url.startsWith("/")) return new URL(url, baseUrl).toString()
+    if (url.startsWith("/")) return new URL(url, baseUrl).toString()
+    // Allows callback URLs on the same origin
+    else if (new URL(url).origin === baseUrl) return url
     return baseUrl
   }
 }
@@ -104,7 +105,7 @@ The redirect callback may be invoked more than once in the same flow.
 ## JWT callback
 
 This callback is called whenever a JSON Web Token is created (i.e. at sign
-in) or updated (i.e whenever a session is accessed in the client). The returned value will be [encrypted](/configuration/options#jwt), and it is stored in a cookie.
+in) or updated (i.e whenever a session is accessed in the client). The returned value will be [signed and optionally encrypted](/configuration/options#jwt), and it is stored in a cookie.
 
 Requests to `/api/auth/signin`, `/api/auth/session` and calls to `getSession()`, `useSession()` will invoke this function, but only if you are using a [JWT session](/configuration/options#session). This method is not invoked when you persist sessions in a database.
 
diff --git a/packages/next-auth/src/core/lib/default-callbacks.ts b/packages/next-auth/src/core/lib/default-callbacks.ts
index e8a64d6831..88113a5c35 100644
--- a/packages/next-auth/src/core/lib/default-callbacks.ts
+++ b/packages/next-auth/src/core/lib/default-callbacks.ts
@@ -5,8 +5,8 @@ export const defaultCallbacks: CallbacksOptions = {
     return true
   },
   redirect({ url, baseUrl }) {
-    if (url.startsWith(baseUrl)) return url
-    else if (url.startsWith("/")) return new URL(url, baseUrl).toString()
+    if (url.startsWith("/")) return new URL(url, baseUrl).toString()
+    else if (new URL(url).origin === baseUrl) return url
     return baseUrl
   },
   session({ session }) {