diff --git a/superset/utils/urls.py b/superset/utils/urls.py
index aebfe1250618d..c31bfb1a5103c 100644
--- a/superset/utils/urls.py
+++ b/superset/utils/urls.py
@@ -62,6 +62,6 @@ def is_safe_url(url: str) -> bool:
 return False
 if unicodedata.category(url[0])[0] == "C":
 return False
- if test_url.scheme not in ("http", "https") or ref_url.netloc != test_url.netloc:
+ if test_url.scheme != ref_url.scheme or ref_url.netloc != test_url.netloc:
 return False
 return True
diff --git a/superset/views/datasource/views.py b/superset/views/datasource/views.py
index 32c286c47bf75..c2db174cb1daf 100644
--- a/superset/views/datasource/views.py
+++ b/superset/views/datasource/views.py
@@ -89,7 +89,7 @@ def save(self) -> FlaskResponse:
 "The submitted URL is not considered safe,"
 " only use URLs with the same domain as Superset."
 ),
- status=500,
+ status=400,
 )
 orm_datasource = DatasourceDAO.get_datasource(
diff --git a/tests/integration_tests/datasource_tests.py b/tests/integration_tests/datasource_tests.py
index 753aaa7ef4eb4..edee0028467f1 100644
--- a/tests/integration_tests/datasource_tests.py
+++ b/tests/integration_tests/datasource_tests.py
@@ -307,7 +307,7 @@ def test_save_default_endpoint_validation_fail(self):
 datasource_post["default_endpoint"] = "http://www.google.com"
 data = dict(data=json.dumps(datasource_post))
 resp = self.client.post("/datasource/save/", data=data)
- assert resp.status_code == 500
+ assert resp.status_code == 400
 def test_save_default_endpoint_validation_unsafe(self):
 self.app.config["PREVENT_UNSAFE_DEFAULT_URLS_ON_DATASET"] = False
diff --git a/tests/unit_tests/utils/urls_tests.py b/tests/unit_tests/utils/urls_tests.py
index 5a505e44895b4..a3893953b8ba1 100644
--- a/tests/unit_tests/utils/urls_tests.py
+++ b/tests/unit_tests/utils/urls_tests.py
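Review bot: The rewritten condition in is_safe_url drops the explicit http/https allowlist and relies entirely on ref_url.scheme, but ref_url is built outside this hunk, so if it can ever carry an empty or non-web scheme a submitted URL with that same scheme would now be accepted. Keeping both tests is cheap and self-documenting: `if test_url.scheme not in ("http", "https") or test_url.scheme != ref_url.scheme or ref_url.netloc != test_url.netloc:`. The netloc comparison is also an exact string match, so a differently-cased host or an explicit default port is rejected rather than normalised; that errs on the safe side but deserves a comment such as `# scheme and netloc must equal the reference exactly; case and port differences are rejected, not normalised`. The function's body starts before the hunk.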
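Review bot: The user-facing message kept as context in save() now understates the rule: with the scheme comparison introduced in superset/utils/urls.py a same-domain URL on a different scheme is also rejected, yet the text still says only the domain must match. Suggest `" only use URLs with the same scheme and domain as Superset."`. The move from 500 to 400 is the right status for a rejected client-supplied value. save() begins and ends outside the hunk.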
@@ -42,9 +42,12 @@ def test_convert_dashboard_link() -> None:
 [
 ("http://localhost/", True),
 ("http://localhost/superset/1", True),
+ ("https://localhost/", False),
+ ("https://localhost/superset/1", False),
 ("localhost/superset/1", False),
 ("ftp://localhost/superset/1", False),
 ("http://external.com", False),
+ ("https://external.com", False),
 ("external.com", False),
 ("///localhost", False),
 ("xpto://localhost:[3/1/", False),
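Review bot: The added https cases pin the scheme-mismatch rejection only for whatever reference scheme the fixture uses (the fixture is outside the hunk; the surviving True cases suggest an http://localhost reference), so the opposite direction, an http URL checked against an https reference, which is the configuration a production deployment is likelier to run, stays untested. Consider a second parametrised reference scheme with a constructed case such as `("http://localhost/", False)` evaluated against an https reference. The parametrize list continues outside the hunk.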