diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Choice.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Choice.pm
index 0829d142d..88c7321f5 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Choice.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Choice.pm
@@ -203,18 +203,20 @@ sub _buildAuthLoop {
 if ( $auth and $userDB and $passwordDB ) { # Default URL
+ $req->{cspFormAction} ||= '';
 if (defined $url and not $self->checkXSSAttack( 'URI', $req->env->{'REQUEST_URI'} ) and $url
- =~ m%^(https?://)?[^\s/$.?#].[^\s]*$% # URL must be well formatted
+ =~ q%^(https?://)?[^\s/.?#$].[^\s]+$% # URL must be well formatted
 ) {
- $url .= $req->env->{'REQUEST_URI'};
+ #$url .= $req->env->{'REQUEST_URI'};
+
+ # Avoid append same URL
 $req->{cspFormAction} .= " $url"
- unless $req->{cspFormAction}
- =~ qr%\b$url\b%; # Avoid append same URL
+ unless $req->{cspFormAction} =~ qr%\b$url\b%;
 } else { $url .= '#';
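Review bot: `$url` is interpolated into `qr%\b$url\b%` as a pattern rather than as a literal, so the `.`, `?`, `+` or brackets that the validation above still accepts act as regex operators: a different origin already present in `cspFormAction` can suppress the append, and an unbalanced `(` or `[` makes the match die at run time. `\b` also never matches after a trailing `/`, so a URL ending in a slash is appended again on every pass. Quoting the value and delimiting on whitespace avoids both: `unless $req->{cspFormAction} =~ qr%(?:\A|\s)\Q$url\E(?:\s|\z)%;`. Separately, the validation pattern ends in `$`, which still matches before a final newline, and it admits `;` and `,`; if `$url` can ever hold anything other than administrator-set configuration (its origin is not visible here), anchoring with `\z` and rejecting those characters would keep it from altering the policy value built in `cspFormAction`. The enclosing `if` block and `_buildAuthLoop` continue outside the hunk.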