Settings flow does not respect the return_to with a `/settings` path
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [ ] This issue affects my Ory Network project.
- [ ] I have joined the Ory Community Slack.
- [ ] I am signed up to the Ory Security Patch Newsletter.
Describe the bug
A settings flow containing a return_to with the /settings path causes return_to to be ignored in the settings submit flow. An example is when you have an application with the URL https://app.example.com/settings; the URL will look like so:
`https://auth.example.com/self-service/settings/browser?return_to=https://app.example.com/settings`
The project config has the following:
- Custom Domain: auth.example.com
- Custom UI: ui.example.com
- Settings URL: /settings
Note: this only happens with custom domains and not when developing locally through the Ory tunnel.
Reproducing the bug
- Create a project
- Add custom domain
- Add your custom UI base URL
- Keep the settings UI as a relative path `/settings`
- Initiate a `settings` flow with the return_to query parameter set to a route containing `/settings` in the path (https://app.example.com/settings)
- Submit the settings flow and see it stay on the settings page.
Relevant log output
No response
Relevant configuration
No response
Version
latest
On which operating system are you observing this issue?
None
In which environment are you deploying?
None
Additional Context
No response
❓❓❓❓ That's gonna be fun :D Probably something in the rewriter. But since this is such an edge case we can probably solve this in a bug squash week or something