Currently, the sidecar accepts any request, both for events and streaming. This allows any website to connect to a sidecar instance or send events to it, which is a potential security hazard.
We should only allow requests from localhost (without any port or protocol restriction) and from our designated domains: https://*.spotlightjs.com, https://spotlightjs.com. Our designated domains MUST have protocol and port restrictions (only HTTPS and the default port for that).
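One way to express the rule above as an `Origin` check, written here as an added example and not the sidecar's own code. The names `isAllowedOrigin` and `corsHeadersFor` are hypothetical, the wildcard is assumed to cover subdomains at any depth, and requests that carry no `Origin` header (non-browser clients) are rejected by this function and left as a separate policy decision for the caller.

```javascript
// Added example (hypothetical helper names), not code from the sidecar.
const TRUSTED_DOMAIN = "spotlightjs.com";

// Returns true only for origins the rule permits:
//   - hostname "localhost", any scheme and any port
//   - spotlightjs.com or a subdomain of it, HTTPS on the default port only
function isAllowedOrigin(origin) {
  // Browsers send the literal string "null" for opaque origins
  // (sandboxed iframes, file: pages); never treat that as trusted.
  if (typeof origin !== "string" || origin === "" || origin === "null") {
    return false;
  }

  let url;
  try {
    url = new URL(origin); // also lowercases the hostname
  } catch {
    return false; // not a parseable origin
  }

  const host = url.hostname;
  if (host === "localhost") {
    return true;
  }

  // Exact match or a dot-delimited suffix match. A bare endsWith() on the
  // domain would also accept "evilspotlightjs.com".
  const isTrusted =
    host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN);

  // URL normalises the scheme's default port to "", so an empty port
  // together with "https:" means port 443.
  return isTrusted && url.protocol === "https:" && url.port === "";
}

// Echo the origin back only when it passed the check; never send "*".
// "Vary: Origin" keeps caches from reusing a response across origins.
function corsHeadersFor(origin) {
  if (!isAllowedOrigin(origin)) {
    return {};
  }
  return { "Access-Control-Allow-Origin": origin, Vary: "Origin" };
}
```

The same predicate has to gate the streaming endpoint as well as the event endpoint, and the request should be refused outright on a failed check, since omitting CORS headers only stops the page from reading the response, not the server from processing the event.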