diff --git a/redirect/functions/redirect.js b/redirect/functions/redirect.js
index 5afa1e7d4..ff7f18d23 100644
--- a/redirect/functions/redirect.js
+++ b/redirect/functions/redirect.js
@@ -1,6 +1,18 @@
 // @ts-check
-const schemes = new Set(['vscode', 'vscode-insiders', 'vscodium', 'gitpod-code', 'code-oss'])
-const validQueryParams = new Set(['vscode-reqid', 'vscode-scheme', 'vscode-authority', 'vscode-path', 'windowId'])
+let schemes = new Set([
+  'vscode',
+  'vscode-insiders',
+  'vscodium',
+  'gitpod-code',
+  'code-oss',
+])
+let validQueryParams = new Set([
+  'vscode-reqid',
+  'vscode-scheme',
+  'vscode-authority',
+  'vscode-path',
+  'windowId',
+])
 
 /**
  * @param {import('@netlify/functions').HandlerEvent} event
@@ -12,7 +24,12 @@ exports.handler = async function (event, _context) {
   if (state == null) throw new Error(`Missing "state" query parameter.`)
   const url = new URL(Buffer.from(state, 'base64url').toString())
   const scheme = url.protocol.slice(0, -1)
-  if (scheme === 'http' || scheme === 'https') {
+  if (
+    url.host === 'https://github.dev' &&
+    url.pathname === '/extension-auth-callback'
+  ) {
+    validQueryParams = new Set(['state'])
+  } else if (scheme === 'http' || scheme === 'https') {
     validate(
       url.searchParams.get('vscode-scheme'),
       url.searchParams.get('vscode-authority'),
@@ -22,20 +39,20 @@ exports.handler = async function (event, _context) {
     validate(scheme, url.host, url.pathname)
   }
 
+  url.searchParams.set('code', code)
   url.searchParams.forEach((_, key) => {
     if (!validQueryParams.has(key)) url.searchParams.delete(key)
   })
 
-  url.searchParams.set('code', code)
-  url.searchParams.set('state', '')
-
   return getResponse(url.toString())
 }
 
 function validate(scheme, hostname, pathname) {
   if (!schemes.has(scheme)) throw new Error(`Invalid scheme: ${scheme}`)
-  if (hostname !== 'znck.grammarly') throw new Error(`Invalid authority: ${hostname}`)
-  if (pathname !== '/auth/callback') throw new Error(`Invalid path: ${pathname}`)
+  if (hostname !== 'znck.grammarly')
+    throw new Error(`Invalid authority: ${hostname}`)
+  if (pathname !== '/auth/callback')
+    throw new Error(`Invalid path: ${pathname}`)
 }
 
 /**