diff --git a/zerver/lib/thumbnail.py b/zerver/lib/thumbnail.py
index 7704dda970..02304f12a4 100644
--- a/zerver/lib/thumbnail.py
+++ b/zerver/lib/thumbnail.py
@@ -6,7 +6,7 @@ import urllib
 from urllib.parse import urljoin
 from django.conf import settings
-from django.utils.http import is_safe_url
+from django.utils.http import url_has_allowed_host_and_scheme
 from libthumbor import CryptoURL
 ZULIP_PATH = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
@@ -21,7 +21,9 @@ def is_thumbor_enabled() -> bool:
 def user_uploads_or_external(url: str) -> bool:
- return not is_safe_url(url, allowed_hosts=None) or url.startswith("/user_uploads/")
+ return not url_has_allowed_host_and_scheme(url, allowed_hosts=None) or url.startswith(
+ "/user_uploads/"
+ )
 def get_source_type(url: str) -> str:
@@ -38,11 +40,13 @@ def generate_thumbnail_url(path: str, size: str = "0x0", is_camo_url: bool = Fal
 path = urljoin("/", path)
 if not is_thumbor_enabled():
- if is_safe_url(path, allowed_hosts=None):
+ if url_has_allowed_host_and_scheme(path, allowed_hosts=None):
 return path
 return get_camo_url(path)
- if is_safe_url(path, allowed_hosts=None) and not path.startswith("/user_uploads/"):
+ if url_has_allowed_host_and_scheme(path, allowed_hosts=None) and not path.startswith(
+ "/user_uploads/"
+ ):
 return path
 source_type = get_source_type(path)
diff --git a/zerver/views/auth.py b/zerver/views/auth.py
index 1ef5e0fc0b..5713979548 100644
--- a/zerver/views/auth.py
+++ b/zerver/views/auth.py
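Review bot: With `allowed_hosts=None`, `url_has_allowed_host_and_scheme` rejects every URL that carries a host or a non-http(s) scheme, so in `user_uploads_or_external` (second hunk) and in both rewritten conditions of `generate_thumbnail_url` (third hunk) the call is really a "host-less, relative path" test, and the new name now reads as if an allowlist were consulted. A one-line comment at the first call site would spare the next reader a trip to the Django source, e.g. `# allowed_hosts=None: only host-less relative URLs pass; anything with a host or a non-http(s) scheme is treated as external`. The behaviour is unchanged from `is_safe_url`, which in Django 3.x is a deprecated alias of the new name, so nothing else needs to move. The body of `generate_thumbnail_url` continues past the end of the third hunk.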
@@ -16,7 +16,7 @@ from django.http import HttpRequest, HttpResponse, HttpResponseRedirect, HttpRes
 from django.shortcuts import redirect, render
 from django.template.response import SimpleTemplateResponse
 from django.urls import reverse
-from django.utils.http import is_safe_url
+from django.utils.http import url_has_allowed_host_and_scheme
 from django.utils.translation import gettext as _
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_safe
@@ -79,7 +79,7 @@ ExtraContext = Optional[Dict[str, Any]]
 def get_safe_redirect_to(url: str, redirect_host: str) -> str:
- is_url_safe = is_safe_url(url=url, allowed_hosts=None)
+ is_url_safe = url_has_allowed_host_and_scheme(url=url, allowed_hosts=None)
 if is_url_safe:
 # Mark as safe to prevent Pysa from surfacing false positives for
 # open redirects. In this branch, we have already checked that the URL
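Review bot: In `get_safe_redirect_to` the renamed call is still given `allowed_hosts=None`, so only host-less relative URLs count as safe and the `redirect_host` parameter never feeds the allowlist; that is presumably deliberate, with absolute URLs handled in the branch that follows, but the existing Pysa comment is the natural place to state it, e.g. `# allowed_hosts=None: only relative, host-less URLs count as safe; absolute URLs are handled below`. The rest of the function, including whatever is done with `redirect_host`, lies outside this hunk and was not reviewed.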