diff --git a/frontend/src/views/settings/security.vue b/frontend/src/views/settings/security.vue
index 2c2b051c..0ad7c611 100644
--- a/frontend/src/views/settings/security.vue
+++ b/frontend/src/views/settings/security.vue
@@ -35,6 +35,10 @@
         <b-field :label="$t('settings.security.OIDCRedirectURL')">
           <code><copy-text :text="`${serverConfig.root_url}/auth/oidc`" /></code>
         </b-field>
+        <p v-if="!isURLOk" class="has-text-danger">
+          <b-icon icon="warning-empty" />
+          {{ $t('settings.security.OIDCRedirectWarning') }}
+        </p>
       </div>
     </div>
 
@@ -93,6 +97,15 @@ export default Vue.extend({
     isMobile() {
       return this.windowWidth <= 768;
     },
+
+    isURLOk() {
+      try {
+        const u = new URL(this.serverConfig.root_url);
+        return u.hostname !== 'localhost' && u.hostname !== '127.0.0.1';
+      } catch (e) {
+        return false;
+      }
+    },
   },
 
   methods: {
diff --git a/i18n/en.json b/i18n/en.json
index c4bacc60..02c9ac10 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -368,6 +368,7 @@
     "settings.security.OIDCClientID": "Client ID",
     "settings.security.OIDCClientSecret": "Client secret",
     "settings.security.OIDCRedirectURL": "Redirect URL for oAuth provider",
+    "settings.security.OIDCRedirectWarning": "This does not seem to be a production URL. Change the Root URL in 'General' settings.",
     "settings.appearance.adminHelp": "Custom CSS to apply to the admin UI.",
     "settings.appearance.adminName": "Admin",
     "settings.appearance.customCSS": "Custom CSS",