capui renderer origin issue

Currently the capui-kit and CapUIRenderer are using `allowedOrigins=['*']` to config the connection.
Ideally this should be configured to the correct urls so no security issues.
Somehow the origin returned from connection is null which makes this checks fail. 
need to investigate further for this issue.