Last updated: July 20, 2021
Even if you're integrating Burp Suite Enterprise Edition with your CI/CD system using our native plugins, you will still need to whitelist your Jenkins or TeamCity URL in order to use the "Burp site-driven scan" option.
You can whitelist an application for CORS from the Burp Suite Enterprise Edition network settings page.
Origin header of the associated request and compare this to the URLs that you have in the whitelist. There should be no discrepancies.
The origin of incoming requests refers only to the URL scheme, domain name, and port. In other words, you can whitelist all cross-origin requests from https://example.com:8080 but you cannot restrict this to specific subdirectories such as https://example.com:8080/my-app. For more granular control, you need to deploy your application to a dedicated subdomain:
The same-origin policy aims to prevent scripts running on one website from accessing and interacting with data on another website. This is an important security mechanism. If we didn't enforce the same-origin policy, arbitrary external websites would potentially be able to access sensitive data from your Enterprise server.
Origin header in the corresponding HTTP request matches an origin that you have explicitly whitelisted.
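The comparison described above, between a request's Origin header and the whitelist entries, as an added example that is not part of the original page or of Burp Suite Enterprise Edition. The function names, the sample whitelist and the jenkins.example.com hostname are constructed for illustration.

```javascript
// Added example: not Burp Suite Enterprise Edition code.
// Explains why an observed Origin header does or does not match a whitelist.

// Constructed sample whitelist (hypothetical values).
const WHITELIST = ["https://example.com:8080/my-app", "https://jenkins.example.com"];

// Reduce a whitelist entry to scheme + host + port and flag anything beyond that.
function parseEntry(entry) {
  const url = new URL(entry);
  const extra = url.pathname !== "/" || url.search !== "" || url.hash !== "";
  return { origin: url.origin, url, extra };
}

// Compare one Origin header value against every entry and list discrepancies.
function diagnoseOrigin(originHeader, whitelist) {
  let seen;
  try {
    seen = new URL(originHeader);
  } catch {
    // Covers malformed values and the literal "null" origin.
    return { allowed: false, notes: [`unparseable Origin: ${originHeader}`] };
  }
  const notes = [];
  let allowed = false;
  for (const entry of whitelist) {
    const { origin, url, extra } = parseEntry(entry);
    if (extra) {
      notes.push(`${entry}: has a path; an origin is only scheme, host and port`);
    }
    // URL.origin drops default ports, so :443 on https compares equal to no port.
    if (origin === seen.origin) { allowed = true; continue; }
    if (url.hostname !== seen.hostname) continue; // unrelated host, nothing to report
    if (url.protocol !== seen.protocol) {
      notes.push(`${entry}: scheme differs (${url.protocol} vs ${seen.protocol})`);
    } else {
      notes.push(`${entry}: port differs (${url.port || "default"} vs ${seen.port || "default"})`);
    }
  }
  return { allowed, notes };
}

// Constructed request origin: right host, wrong scheme.
console.log(diagnoseOrigin("http://jenkins.example.com", WHITELIST));
```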