diff --git a/src/controllers/index.js b/src/controllers/index.js
index a43480d50e..8bf4a798e4 100644
--- a/src/controllers/index.js
+++ b/src/controllers/index.js
@@ -104,7 +104,7 @@ Controllers.login = function (req, res, next) {
 	var registrationType = meta.config.registrationType || 'normal';
 
 	var allowLoginWith = (meta.config.allowLoginWith || 'username-email');
-	var returnTo = req.headers['x-return-to'].replace(nconf.get('url'), '');
+	var returnTo = (req.headers['x-return-to'] || '').replace(nconf.get('url'), '');
 
 	var errorText;
 	if (req.query.error === 'csrf-invalid') {