diff --git a/apps/extension/package.json b/apps/extension/package.json
index cd07cef8..7aeb061d 100644
--- a/apps/extension/package.json
+++ b/apps/extension/package.json
@@ -1,6 +1,6 @@
 {
   "name": "chrome-extension",
-  "version": "11.13.0",
+  "version": "11.13.1",
   "private": true,
   "license": "(MIT OR Apache-2.0)",
   "description": "chrome-extension",
diff --git a/apps/extension/public/manifest.json b/apps/extension/public/manifest.json
index 96fed30c..b037a12c 100644
--- a/apps/extension/public/manifest.json
+++ b/apps/extension/public/manifest.json
@@ -1,7 +1,7 @@
 {
   "manifest_version": 3,
   "name": "Prax wallet",
-  "version": "11.13.0",
+  "version": "11.13.1",
   "description": "For use in interacting with the Penumbra blockchain",
   "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnucOJi878TGZYnTNTrvXd9krAcpSDR/EgHcQhvjNZrKfRRsKA9O0DnbyM492c3hiicYPevRPLPoKsLgVghGDYPr8eNO7ee165keD5XLxq0wpWu14gHEPdQSRNZPLeawLp4s/rUwtzMcxhVIUYYaa2xZri4Tqx9wpR7YR1mQTAL8UsdjyitrnzTM20ciKXq1pd82MU74YaZzrcQCOmcjJtjHFdMEAYme+LuZuEugAgef9RiE/8kLQ6T7W9feYfQOky1OPjBkflpRXRgW6cACdl+MeYhKJCOHijglFsPOXX6AvnoJSeAJYRXOMVJi0ejLKEcrLpaeHgh+1WXUvc5G4wIDAQAB",
   "minimum_chrome_version": "119",
@@ -16,7 +16,7 @@
   },
   "content_scripts": [
     {
-      "matches": ["https://*/*", "http://localhost:*/*"],
+      "matches": ["https://*/*"],
       "js": [
         "injected-connection-port.js",
         "injected-disconnect-listener.js",
@@ -25,7 +25,7 @@
       "run_at": "document_start"
     },
     {
-      "matches": ["https://*/*", "http://localhost:*/*"],
+      "matches": ["https://*/*"],
       "js": ["injected-penumbra-global.js"],
       "run_at": "document_start",
       "world": "MAIN"
diff --git a/apps/extension/src/senders/validate.ts b/apps/extension/src/senders/validate.ts
index ddf3cbd2..c7d3feb4 100644
--- a/apps/extension/src/senders/validate.ts
+++ b/apps/extension/src/senders/validate.ts
@@ -6,12 +6,12 @@ type ValidSender = chrome.runtime.MessageSender & {
   frameId: 0;
   documentId: string;
   tab: chrome.tabs.Tab & { id: number };
-  origin: string;
-  url: string;
-};
 
-const isHttpLocalhost = (url: URL): boolean =>
-  url.protocol === 'http:' && url.hostname === 'localhost';
+  // the relationship between origin and url is pretty complex.
+  // just rely on the browser's tools.
+  origin: `${ValidProtocol}//${string}`;
+  url: `${ValidProtocol}//${string}/${string}`;
+};
 
 export const assertValidSender = (sender?: chrome.runtime.MessageSender) => {
   if (!sender) {
@@ -34,13 +34,7 @@ export const assertValidSender = (sender?: chrome.runtime.MessageSender) => {
   if (parsedOrigin.origin !== sender.origin) {
     throw new Error('Sender origin is invalid');
   }
-
-  if (
-    !(
-      parsedOrigin.protocol in ValidProtocol ||
-      (globalThis.__DEV__ && isHttpLocalhost(parsedOrigin))
-    )
-  ) {
+  if (!(parsedOrigin.protocol in ValidProtocol)) {
     throw new Error(`Sender protocol is not ${Object.values(ValidProtocol).join(',')}`);
   }