[Note that I tried to post this once already and got myself to an auth0 page where I got the auth0 oops page. So if this posting gets duplicated I am sorry.]
The situation was reproduced (yes, this one was easy to reproduce) and is now being tracked to be addressed. In addition to that possibility where the IP address is actually camouflaged as sub-domains, it was also detected that simple IP addresses as the host were also not being allowed, so the scope of the issue is to also address the standalone IP address situation.
As a final note, keep in mind that technically, even after this is addressed, the value http://sitename.127.0.0.1.xip.io:9000/ contains a path component (/ at the end), so it is not a web origin. The fix would, however, allow http://sitename.127.0.0.1.xip.io:9000.
As mentioned in the answer to the question you linked, it should be possible to bypass these validation hints that were not working as expected if you update the client settings through the management API; however, you then won’t be able to update that client through the dashboard.
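
The difference between a URL and a web origin described above can be checked mechanically. This is an added example, not part of the original reply and not Auth0's own validation code; the function name `checkWebOrigin` and its result shape are assumptions, and the bare-IP input in the usage comment is constructed.

```javascript
// Decide whether a string is a web origin (scheme://host[:port]) and nothing more.
// Hypothetical helper for pre-checking values before saving them as allowed origins.
function checkWebOrigin(value) {
  // Split the raw string into scheme, authority and "everything after the authority".
  // The raw split is needed because URL.pathname is always "/" for http(s),
  // so the parsed URL cannot tell "http://host" apart from "http://host/".
  const m = /^(https?):\/\/([^\/?#]*)(.*)$/i.exec(value);
  if (!m) {
    return { ok: false, reason: "must start with http:// or https://" };
  }

  let url;
  try {
    url = new URL(value); // validates the host: names, IPv4, bracketed IPv6
  } catch (err) {
    return { ok: false, reason: "host or port is not valid" };
  }

  if (url.username || url.password) {
    return { ok: false, reason: "userinfo is not part of an origin" };
  }

  // Any path (even a lone "/"), query or fragment makes this a URL, not an origin.
  if (m[3] !== "") {
    return {
      ok: false,
      reason: "contains a path, query or fragment: " + m[3],
      suggestion: url.origin,
    };
  }

  // url.origin is the normalized form: lowercase scheme and host, default port dropped.
  return { ok: true, origin: url.origin };
}

// The two values from the reply above, plus a constructed bare-IP host.
for (const candidate of [
  "http://sitename.127.0.0.1.xip.io:9000/",
  "http://sitename.127.0.0.1.xip.io:9000",
  "http://127.0.0.1:9000",
]) {
  console.log(candidate, JSON.stringify(checkWebOrigin(candidate)));
}
```
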