Open
Description
The getSecurityToken() right now is only verified in the shindig.epfl.ch. Now we must support it in both shindig.epfl.ch and iamac71.epfl.ch. We should contact the correct one (depending on where the request comes from). So as to do this, we should also provide the shindig URL to the server (with a whitelist to avoid somebody providing his own shindig server).
@Wissam-Halimi provided this code to know in the app what's the Shindig URL:
window.location.host.toString()