SIWS Domain Spoofing — Jupiter Wallet

Severity: High · Authentication Bypass · EIP-4361 Violation

Jupiter Wallet trusts the dapp-provided domain field in SolanaSignIn requests instead of deriving it from the verified origin. This page is hosted on but requests a SIWS signature bound to jup.ag. Per EIP-4361: "If the host part of the domain and origin do not match, the Wallet MUST reject the request."
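The check the quoted rule requires, as an added example (not Jupiter Wallet's code and not part of the original page). The function name `resolveSignInDomain`, the `verifiedOrigin` parameter and the origin `other-site.example` are assumptions constructed for illustration; the domain to sign is always taken from the origin the wallet itself observed.

```javascript
// Added example: wallet-side domain check for a SIWS sign-in request.
// `verifiedOrigin` (assumption) is the origin the wallet observed for the
// requesting page, never a value supplied by the dapp.
function resolveSignInDomain(input, verifiedOrigin) {
  const origin = new URL(verifiedOrigin);

  // No domain supplied: bind the message to the verified origin's host.
  if (input.domain === undefined || input.domain === null) {
    return { ok: true, domain: origin.host };
  }
  if (typeof input.domain !== "string" || input.domain.length === 0) {
    return { ok: false, reason: "domain is not a non-empty string" };
  }

  let claimed;
  try {
    // Parse the claimed authority so both hostnames are normalised the
    // same way (lower-cased, IDN converted to punycode).
    claimed = new URL("https://" + input.domain);
  } catch {
    return { ok: false, reason: "domain is not a valid authority" };
  }

  // Reject anything beyond host[:port]: userinfo, path, query, fragment.
  if (claimed.username || claimed.password || claimed.pathname !== "/" ||
      claimed.search || claimed.hash) {
    return { ok: false, reason: "domain contains more than host[:port]" };
  }

  // EIP-4361: host part of domain and origin must match, else reject.
  if (claimed.hostname !== origin.hostname) {
    return { ok: false, reason: "domain host does not match origin host" };
  }

  // Sign over the origin-derived value, not the dapp-provided string.
  return { ok: true, domain: origin.host };
}

// Constructed sample: a page on another origin asking for a jup.ag-bound message.
console.log(resolveSignInDomain({ domain: "jup.ag" }, "https://other-site.example"));
```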