diff --git a/src/app.js b/src/app.js
index 5b649fa1..143ff494 100644
--- a/src/app.js
+++ b/src/app.js
@@ -22,10 +22,22 @@ const clientSecretFromParams = pathParams.clientSecret || pathParams.appSecret;
 const authProxy = pathParams.authProxy;
 const enableDiscovery = !!pathParams.discovery;
 const discoverAppServer = pathParams.discoverAppServer;
+
+function getAppServer() {
+  if (
+    pathParams.appServer &&
+    pathParams.appServer.indexOf('https://') === 0 &&
+    pathParams.appServer.indexOf('?') === -1 &&
+    pathParams.appServer.indexOf('javascript') === -1
+  ) {
+    return pathParams.appServer;
+  }
+  return defaultApiConfig.server;
+}
 const apiConfig = {
   clientId: clientIdFromParams || defaultApiConfig.appKey,
   clientSecret: (clientIdFromParams ? clientSecretFromParams : defaultApiConfig.appSecret),
-  server: pathParams.appServer || defaultApiConfig.server,
+  server: getAppServer(),
 };
 if (enableDiscovery) {
   apiConfig.enableDiscovery = enableDiscovery;