diff --git a/admin/src/AdminTrait.php b/admin/src/AdminTrait.php
index e9e8ff88..053424fa 100644
--- a/admin/src/AdminTrait.php
+++ b/admin/src/AdminTrait.php
@@ -84,7 +84,7 @@ trait AdminTrait
 */
 protected function redirectToReferer($code = 302, $default = '/')
 {
- if (!is_null(HTTPRequest::referer()) && HTTPRequest::referer() !== Uri::current()) {
+ if (HTTPRequest::validateReferer($this->uri('/')) && HTTPRequest::referer() !== Uri::current()) {
 Header::redirect(HTTPRequest::referer(), $code);
 } else {
 Header::redirect($this->uri($default), $code);
diff --git a/formwork/Utils/HTTPRequest.php b/formwork/Utils/HTTPRequest.php
index 76b96292..6248a152 100755
--- a/formwork/Utils/HTTPRequest.php
+++ b/formwork/Utils/HTTPRequest.php
@@ -108,6 +108,19 @@ class HTTPRequest
 return static::hasHeader('Referer') ? static::$headers['Referer'] : null;
 }
 
+ /**
+ * Check if the request referer has the same origin
+ *
+ * @param string $path Optional URI path
+ *
+ * @return bool
+ */
+ public static function validateReferer($path = null)
+ {
+ $base = Uri::normalize(Uri::base() . '/' . ltrim($path, '/'));
+ return substr(static::referer(), 0, strlen($base)) === $base;
+ }
+
 /**
 * Get request origin
 *
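Review bot: The explicit `!is_null(HTTPRequest::referer())` guard is dropped on the changed line, so the branch now relies on validateReferer() (second hunk of this commit) returning false for a missing Referer, which it does only because `substr(null, …)` there happens to compare unequal to the base string; passing null to substr() is deprecated from PHP 8.1, so the guard should stay explicit somewhere. Reading the header once also avoids calling referer() three times in one branch: `$referer = HTTPRequest::referer();` followed by `if ($referer !== null && HTTPRequest::validateReferer($this->uri('/')) && $referer !== Uri::current()) {` and `Header::redirect($referer, $code);`. Passing `$this->uri('/')` scopes the accepted referers to the admin base rather than the whole site, which is worth a one-line comment since it is not obvious from the call. redirectToReferer's closing braces are outside the hunk.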
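Review bot: The return line is a bare string-prefix test, so whether it is really a same-origin check depends on `$base` ending in a path separator: if Uri::normalize() strips the trailing slash (its behaviour is not visible here), a referer on a host whose name merely extends the site's host name would also satisfy the comparison, so the separator should be made explicit before comparing. Separately, `$path = null` flows into ltrim() and a missing referer flows into substr(), both deprecated null-to-string coercions on PHP 8.1+, and the docblock should read `@param string|null $path` to match the default. The note in the docblock should also say that the Referer header is client-supplied and frequently absent, so this guards redirectToReferer against sending users off-site but is not a CSRF defence. A rewrite along these lines keeps the method's signature:

```php
public static function validateReferer($path = null)
{
    $referer = static::referer();
    if ($referer === null) {
        return false;
    }
    // Force a trailing separator so the prefix test matches a path boundary, not an arbitrary longer string
    $base = rtrim(Uri::normalize(Uri::base() . '/' . ltrim((string) $path, '/')), '/') . '/';
    return $referer === rtrim($base, '/') || strncmp($referer, $base, strlen($base)) === 0;
}
```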