What problem does this address?

Our current method for retrieving the current URL is as follows:

$current_url = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

• https://github.com/WordPress/gutenberg/blob/trunk/packages/block-library/src/loginout/index.php#L20C2-L20C105

This approach relies on is_ssl() and $_SERVER['HTTP_HOST'], and it accesses $_SERVER['HTTP_HOST'] without checking if it is set. It also lacks proper usage of wp_unslash() and sanitization.

What is your proposed solution?

Why rely on $_SERVER['HTTP_HOST'] and is_ssl() when we can construct the URL directly using:

home_url( wp_unslash( sanitize_url( $_SERVER['REQUEST_URI'] ) ) )

This provides a more secure and WordPress-native approach.