diff --git a/csharp/ql/lib/ext/Microsoft.AspNetCore.Components.model.yml b/csharp/ql/lib/ext/Microsoft.AspNetCore.Components.model.yml
index 396fca44dd37..daf7e00885d8 100644
--- a/csharp/ql/lib/ext/Microsoft.AspNetCore.Components.model.yml
+++ b/csharp/ql/lib/ext/Microsoft.AspNetCore.Components.model.yml
@@ -3,7 +3,6 @@ extensions:
       pack: codeql/csharp-all
       extensible: sourceModel
     data:
-      - ["Microsoft.AspNetCore.Components", "NavigationManager", True, "get_BaseUri", "", "", "ReturnValue", "remote", "manual"]
       - ["Microsoft.AspNetCore.Components", "NavigationManager", True, "get_Uri", "", "", "ReturnValue", "remote", "manual"]
       - ["Microsoft.AspNetCore.Components", "SupplyParameterFromFormAttribute", False, "", "", "Attribute.Getter", "ReturnValue", "remote", "manual"]
       - ["Microsoft.AspNetCore.Components", "SupplyParameterFromQueryAttribute", False, "", "", "Attribute.Getter", "ReturnValue", "remote", "manual"]
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Remote.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Remote.qll
index 2906fde4e1de..c3bc5cc2ee83 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Remote.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Remote.qll
@@ -237,8 +237,15 @@ class AspNetCoreQueryRemoteFlowSource extends AspNetCoreRemoteFlowSource, DataFl
       t instanceof MicrosoftAspNetCoreHttpQueryCollection or
       t instanceof MicrosoftAspNetCoreHttpQueryString
     |
-      this.getExpr().(Call).getTarget().getDeclaringType() = t or
-      this.asExpr().(Access).getTarget().getDeclaringType() = t
+      (
+        this.getExpr().(Call).getTarget().getDeclaringType() = t or
+        this.asExpr().(Access).getTarget().getDeclaringType() = t
+      ) and
+      not this.asExpr()
+          .(MemberAccess)
+          .getTarget()
+          .hasFullyQualifiedName("Microsoft.AspNetCore.Http", "HttpRequest",
+            ["Method", "Scheme", "IsHttps", "Protocol"])
     )
     or
     exists(Call c |
diff --git a/csharp/ql/src/change-notes/2025-08-25-BaseURI-and-HttpRequest-Source-Improvement.md b/csharp/ql/src/change-notes/2025-08-25-BaseURI-and-HttpRequest-Source-Improvement.md
new file mode 100644
index 000000000000..a819680b43f7
--- /dev/null
+++ b/csharp/ql/src/change-notes/2025-08-25-BaseURI-and-HttpRequest-Source-Improvement.md
@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* `NavigationManager.BaseUri` and certain fields in `Microsoft.AspNetCore.Http.HttpRequest` have been removed from `RemoteFlowSource`. This means query `cs/request-forgery` will have significantly less FPs.
\ No newline at end of file