diff --git a/lib/utils/siwe-utils.js b/lib/utils/siwe-utils.js
--- a/lib/utils/siwe-utils.js
+++ b/lib/utils/siwe-utils.js
@@ -44,8 +44,18 @@
 return message.prepareMessage();
 }
 
-const expectedDomain = isDev ? 'localhost:3000' : 'comm.app';
-const expectedURI = isDev ? 'http://localhost:3000' : 'https://comm.app';
+function isValidSIWEDomain(candidate: string): boolean {
+ return isDev
+ ? candidate === 'localhost:3000'
+ : candidate === 'comm.app' || candidate === 'web.comm.app';
+}
+
+function isValidSIWEURI(candidate: string): boolean {
+ return isDev
+ ? candidate === 'http://localhost:3000'
+ : candidate === 'https://comm.app' || candidate === 'https://web.comm.app';
+}
+
 // Verify that the SIWEMessage is a well formed Comm SIWE Auth message.
 function isValidSIWEMessage(candidate: SIWEMessage): boolean {
 return (
@@ -55,8 +65,8 @@
 isValidSIWEStatementWithPublicKey(candidate.statement))) &&
 candidate.version === '1' &&
 candidate.chainId === 1 &&
- candidate.domain === expectedDomain &&
- candidate.uri === expectedURI &&
+ isValidSIWEDomain(candidate.domain) &&
+ isValidSIWEURI(candidate.uri) &&
 isValidSIWENonce(candidate.nonce) &&
 isValidEthereumAddress(candidate.address)
 );
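Review bot: The two new helpers check `domain` and `uri` independently, so in the second hunk `isValidSIWEMessage` accepts a message whose domain is `comm.app` while its URI is `https://web.comm.app` (or the reverse), a mixed pair the previous exact-match constants could not produce. SIWE binds both fields to the origin that requested the signature, so they should be validated as a pair; one option is to keep `isValidSIWEDomain` as the single allowlist and replace the URI check with `candidate.uri === (isDev ? 'http://' : 'https://') + candidate.domain`. That also keeps the two hard-coded lists from drifting apart when another host is added, and a short comment on the helper saying why `web.comm.app` is accepted would help the next reader. Whether the server also compares the domain with the origin that actually sent the request is not visible here, and `isValidSIWEMessage` begins before the second hunk, so its earlier conditions could not be checked.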