diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index eb2a4f8f..9902898c 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -110,7 +110,7 @@ class ApplicationController < ActionController::Base
 redirect_to :root, alert: message
 # Redirect to main domain if the request originated from our render_host
 elsif request.path == '/' && request.host == RENDER_HOST
- redirect_to Rails.application.config.action_mailer.default_url_options
+ redirect_to Rails.application.config.action_mailer.default_url_options, allow_other_host: true
 else
 redirect_back fallback_location: :root, allow_other_host: false, alert: message
 end
diff --git a/app/controllers/concerns/lti.rb b/app/controllers/concerns/lti.rb
index 0b0ffab1..0592b3da 100644
--- a/app/controllers/concerns/lti.rb
+++ b/app/controllers/concerns/lti.rb
@@ -124,10 +124,10 @@ module Lti
 private :require_valid_oauth_signature
 def return_to_consumer(options = {})
- consumer_return_url = @provider.try(:launch_presentation_return_url) || params[:launch_presentation_return_url]
+ consumer_return_url = @provider.try(:launch_presentation_return_url)
 if consumer_return_url
 consumer_return_url += "?#{options.to_query}" if options.present?
- redirect_to(consumer_return_url)
+ redirect_to(consumer_return_url, allow_other_host: true)
 else
 flash[:danger] = options[:lti_errormsg]
 flash[:info] = options[:lti_msg]
diff --git a/spec/concerns/lti_spec.rb b/spec/concerns/lti_spec.rb
index 54ca9daf..e8ea620c 100644
--- a/spec/concerns/lti_spec.rb
+++ b/spec/concerns/lti_spec.rb
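Review bot: The `allow_other_host: true` added on the `elsif` branch carries no comment saying why a cross-host redirect is acceptable there, while the `else` branch directly below passes `allow_other_host: false`. The target is read from `action_mailer.default_url_options`, which is application configuration rather than request data, so a line such as `# Target comes from static config, not from the request; leaving RENDER_HOST is intended` above the call would stop a later reader from copying the option onto a request-derived URL. The enclosing method starts and ends outside the hunk.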
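Review bot: On the unchanged `consumer_return_url += "?#{options.to_query}"` line, a return URL that already has a query string ends up with a second `?`, and now that `redirect_to` runs with `allow_other_host: true` nothing in this method constrains the URL's scheme or shape. I would parse the value, accept only http(s), and merge the options into any existing query, as in the fence below. Dropping the `params` fallback only helps if `@provider` is assigned after `require_valid_oauth_signature` has passed; that ordering is not visible in this hunk and is worth confirming. The method body continues past the end of the hunk.

```ruby
consumer_return_url = @provider.try(:launch_presentation_return_url)
return_uri = begin
  URI.parse(consumer_return_url.to_s)
rescue URI::InvalidURIError
  nil
end
if return_uri.is_a?(URI::HTTP) # URI::HTTPS is a subclass, so both schemes pass
  # Merge into an existing query string instead of appending a second "?"
  return_uri.query = [return_uri.query, options.to_query].compact_blank.join('&') if options.present?
  redirect_to(return_uri.to_s, allow_other_host: true)
else
  # … unchanged: flash messages for the case without a usable return URL …
```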
@@ -63,17 +63,18 @@ describe Lti do
 describe '#return_to_consumer' do
 context 'with a return URL' do
 let(:consumer_return_url) { 'https://example.org' }
+ let(:provider) { instance_double(IMS::LTI::ToolProvider, launch_presentation_return_url: consumer_return_url) }
- before { allow(controller).to receive(:params).and_return(launch_presentation_return_url: consumer_return_url) }
+ before { controller.instance_variable_set(:@provider, provider) }
 it 'redirects to the tool consumer' do
- expect(controller).to receive(:redirect_to).with(consumer_return_url)
+ expect(controller).to receive(:redirect_to).with(consumer_return_url, allow_other_host: true)
 controller.send(:return_to_consumer)
 end
 it 'passes messages to the consumer' do
 message = I18n.t('sessions.oauth.failure')
- expect(controller).to receive(:redirect_to).with("#{consumer_return_url}?lti_errorlog=#{CGI.escape(message)}")
+ expect(controller).to receive(:redirect_to).with("#{consumer_return_url}?lti_errorlog=#{CGI.escape(message)}", allow_other_host: true)
 controller.send(:return_to_consumer, lti_errorlog: message)
 end
 end
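Review bot: Neither example covers the case the change to `return_to_consumer` is about: a request whose `params[:launch_presentation_return_url]` is set while `@provider` is absent. The old `before` that stubbed `params` is replaced rather than kept as a negative case, so a later reintroduction of the fallback would still pass this spec. A further context that stubs `params` with a return URL, leaves `@provider` unset and asserts `expect(controller).not_to receive(:redirect_to).with(consumer_return_url, any_args)` would pin the behaviour. A context for the branch without a return URL may already exist outside the hunk and could host it.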