Post-login redirect ignores subpath when using USE_X_SETTINGS=1 behind reverse proxy

[matthewlenz]

Title: Post-login redirect ignores subpath when using USE_X_SETTINGS=1 behind reverse proxy

Describe the bug

When changedetection.io is deployed at a subpath (e.g. https://example.com/changedetection/) behind an nginx reverse proxy with USE_X_SETTINGS=1 and password protection enabled, a successful login redirects to the root domain (https://example.com/) instead of the correct subpath (https://example.com/changedetection/).

The X-Forwarded-Prefix header is being set correctly by the proxy — asset loading, navigation, and the login form action (/changedetection/login) all work correctly. The issue is isolated to the post-login redirect.

Version

0.54.9

How did you install?

Docker (dgtlmoon/changedetection.io)

To Reproduce

1. Run changedetection.io behind a reverse proxy at a subpath (e.g. /changedetection/)
2. Set USE_X_SETTINGS=1 on the container
3. Configure the proxy to set X-Forwarded-Prefix /changedetection in the location block
4. Enable password protection in Settings → General
5. Log out and log back in
6. Observe the post-login redirect goes to https://example.com/ instead of https://example.com/changedetection/

Expected behavior

After a successful login, the app should redirect to https://example.com/changedetection/, honouring the X-Forwarded-Prefix header.

Additional context

The login form action is correctly generated as /changedetection/login, so USE_X_SETTINGS=1 is partially working. General navigation and asset loading work correctly once the user manually returns to the subpath URL.