Deceptive site request when logging on the right domain

Hi everyone, recently on my website I started to receive while testing the MetaMask connection this error message on the MM popup

Deceptive site request.

The site you’re attempting to sign into doesn’t match the domain in the request. Proceed with caution.

Schermata 2023-03-25 alle 08.53.28696×340 50.4 KB

I thought it was because I was using a testing environment on localhost, but also when I deployed the new site version, the message is show in the same way, even if the domain is correctly matching.

When we authorize the user we are simply providing these information:

const DOMAIN = …

const STATEMENT = ‘Please sign this message to confirm your identity on …’;

const URI =…

const EXPIRATION_TIME = …

const TIMEOUT = …

with the correct info on domain and URI

Any suggestion on how we could fix this?

Thank you

Hello @mgerar !
Welcome to MetaMask community )

Are there any error logs in the console? Probably there is SIWE domain error.

Got a similar issue,

On MetaMask 10.25, everything works fine
As of MetaMask 10.26.2, this phishing warning appears

Perhaps there is a SIWE domain error and 10.26 just introduced some stricter policies. But the code did not change, just updating the users MetaMask

Thank you both for the answers, I solved simply adding in the authentication DOMAIN field server side the “www.” to the domain.

I confirm that with the same settings with the 10.25 the warning was not appearing. Now it works properly even with the new version.