diff --git a/resources/static/include_js/include.js b/resources/static/include_js/include.js
index 8b36799523101ea7218ffb26a8a0f25b9fb9e817..e835b8bd2047671cac878f414e966d300b462b18 100644
--- a/resources/static/include_js/include.js
+++ b/resources/static/include_js/include.js
@@ -8,7 +8,7 @@
 (function() {
   // this is the file that the RP includes to shim in the
   // navigator.id.getVerifiedEmail() function
-//  "use strict";
+  //  "use strict";
 
   // local embedded copy of jschannel: http://github.com/mozilla/jschannel
   /**
@@ -48,7 +48,7 @@
    *    + string method
    *    + (optional) any params
    */
-   var Channel = (function() {
+  var Channel = (function() {
     "use strict";
 
     // current transaction id, start out at a random *odd* number between 1 and a million
@@ -262,7 +262,7 @@
           var oMatch;
           if (cfg.origin === "*") validOrigin = true;
           // allow valid domains under http and https.  Also, trim paths off otherwise valid origins.
-          else if (null !== (oMatch = cfg.origin.match(/^https?:\/\/(?:[-a-zA-Z0-9\.])+(?::\d+)?/))) {
+          else if (null !== (oMatch = cfg.origin.match(/^https?:\/\/(?:[-a-zA-Z0-9_\.])+(?::\d+)?/))) {
             cfg.origin = oMatch[0].toLowerCase();
             validOrigin = true;
           }
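Review bot: The origin pattern on the changed line is anchored only at the start, so whatever follows the host and optional port is dropped without being checked; a constructed value such as `https://a.example@b.example` would be stored as `https://a.example`, which is not the host that URL refers to. The comment above says the trim is meant for paths, so the match could be required to stop at a path, query, fragment or end of string: `/^https?:\/\/(?:[-a-zA-Z0-9_\.])+(?::\d+)?(?=[\/?#]|$)/`. How much this matters depends on where `cfg.origin` comes from and on what happens when `validOrigin` stays false, both of which lie outside this hunk. The same line is changed in `resources/static/lib/jschannel.js` and `resources/static/provisioning_api.js`, so any tightening has to be applied to all three copies to keep them in sync.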
@@ -354,7 +354,7 @@
             }
           }, timeout);
         }
-
+        
         var onMessage = function(origin, method, m) {
           // if an observer was specified at allocation time, invoke it
           if (typeof cfg.gotMessageObserver === 'function') {
diff --git a/resources/static/lib/jschannel.js b/resources/static/lib/jschannel.js
index 86a9f596217b2fe00f02659f39bb61ae8238fdcb..ad70c3344f106368cf763af3b45f160008ee36ee 100644
--- a/resources/static/lib/jschannel.js
+++ b/resources/static/lib/jschannel.js
@@ -250,7 +250,7 @@
                 var oMatch;
                 if (cfg.origin === "*") validOrigin = true;
                 // allow valid domains under http and https.  Also, trim paths off otherwise valid origins.
-                else if (null !== (oMatch = cfg.origin.match(/^https?:\/\/(?:[-a-zA-Z0-9\.])+(?::\d+)?/))) {
+                else if (null !== (oMatch = cfg.origin.match(/^https?:\/\/(?:[-a-zA-Z0-9_\.])+(?::\d+)?/))) {
                     cfg.origin = oMatch[0].toLowerCase();
                     validOrigin = true;
                 }
diff --git a/resources/static/provisioning_api.js b/resources/static/provisioning_api.js
index 7b679e784cee65d3b9a0f9b797d0e10bfedcba48..68849b40f10b4580250be7930c13f6c9915fa1f6 100644
--- a/resources/static/provisioning_api.js
+++ b/resources/static/provisioning_api.js
@@ -44,7 +44,7 @@
    *    + string method
    *    + (optional) any params
    */
-   var Channel = (function() {
+  var Channel = (function() {
     "use strict";
 
     // current transaction id, start out at a random *odd* number between 1 and a million
@@ -258,7 +258,7 @@
           var oMatch;
           if (cfg.origin === "*") validOrigin = true;
           // allow valid domains under http and https.  Also, trim paths off otherwise valid origins.
-          else if (null !== (oMatch = cfg.origin.match(/^https?:\/\/(?:[-a-zA-Z0-9\.])+(?::\d+)?/))) {
+          else if (null !== (oMatch = cfg.origin.match(/^https?:\/\/(?:[-a-zA-Z0-9_\.])+(?::\d+)?/))) {
             cfg.origin = oMatch[0].toLowerCase();
             validOrigin = true;
           }
@@ -350,7 +350,7 @@
             }
           }, timeout);
         }
-
+        
         var onMessage = function(origin, method, m) {
           // if an observer was specified at allocation time, invoke it
           if (typeof cfg.gotMessageObserver === 'function') {