diff --git a/plinth/modules/apache/views.py b/plinth/modules/apache/views.py
index 1a65925b9..bc46f9b1b 100644
--- a/plinth/modules/apache/views.py
+++ b/plinth/modules/apache/views.py
@@ -39,7 +39,7 @@ class DiscoverIDPView(View):
             return HttpResponseBadRequest(f'Cannot handle "{method}" method')
 
         oidc_callback_parts = urlparse(oidc_callback)
-        request_host = request.META['HTTP_HOST']
+        request_host = request.get_host()
         if request_host != oidc_callback_parts.netloc:
             return HttpResponseBadRequest(
                 f'Cannot redirect from {request_host} to a different host '
diff --git a/plinth/modules/oidc/validators.py b/plinth/modules/oidc/validators.py
index 0003539c4..3ef3900a1 100644
--- a/plinth/modules/oidc/validators.py
+++ b/plinth/modules/oidc/validators.py
@@ -81,6 +81,8 @@ def _validate_local_domains_and_ips(redirect_uri, request,
     Scheme is not checked. Changing IP address during OpenID Connect flow is
     not allowed.
     """
+    # Requires 'ProxyPreserveHost On' in Apache2 configuration for proxying
+    # requests to FreedomBox service.
     request_host = request.headers.get('HTTP_HOST')
 
     parsed_redirect_uri = urllib.parse.urlparse(redirect_uri)