Whitelist an application for CORS
Whitelisting an application for CORS allows you to develop more powerful built-in applications capable of retrieving relevant data, creating and modifying sites, and launching new analytics directly from the browser using AJAX.
Even if you integrate Burp Suite Enterprise Edition with your CI/CD system using our native plugins, you still need to whitelist your Jenkins or TeamCity URL in order to use the Site-driven Burp scan option.
You can whitelist as many origins as you want, each separated by a newline:
Log in to Burp Suite Enterprise Edition as an administrator.
From the settings menu, select Network.
Under Authorized origins for the GraphQL API, enter the origin on which the other app is running. Be sure to include the URL scheme, domain name, and port. For instance:
When you are sure your entries are correct, click to save them.
Test your external application to make sure it works as expected.
If you’re still having issues with CORS, check the Origin header of the associated request and compare it to the URLs you have in the whitelist. There should be no discrepancies.
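One way to run that comparison, as an added example that is not part of the Burp Suite Enterprise Edition product or its documentation. The helpers `toOrigin` and `checkOrigin` are hypothetical, the sample whitelist is constructed, and the code assumes entries are matched against the Origin header as exact strings:

```javascript
// Added diagnostic example; not Burp Suite Enterprise Edition code.
// Assumption: whitelist entries are compared to the Origin header as exact strings.

// Reduce a URL to scheme://host[:port], the form a browser uses for an origin.
function toOrigin(value) {
  try {
    const origin = new URL(value.trim()).origin;
    return origin === "null" ? null : origin; // opaque origin: scheme was missing
  } catch {
    return null; // not an absolute URL at all
  }
}

// Compare one Origin header value against newline-separated whitelist text.
function checkOrigin(originHeader, whitelistText) {
  const entries = whitelistText.split(/\r?\n/).map((e) => e.trim()).filter(Boolean);
  const header = originHeader.trim();
  if (entries.includes(header)) return { match: true, hints: [] };

  const hints = [];
  for (const entry of entries) {
    const normalized = toOrigin(entry);
    if (normalized === null) {
      hints.push(`"${entry}" is not in scheme://host[:port] form`);
    } else if (normalized === toOrigin(header)) {
      // Same origin, different spelling: a path, trailing slash, or case difference.
      hints.push(`"${entry}" has the same origin as "${header}" but is written differently`);
    }
  }
  return { match: false, hints };
}

// Constructed sample input: one entry carries a path, so it cannot equal an Origin header.
const sampleWhitelist = "https://example.com:8080/my-app\nhttp://jenkins.example.com:8080\n";
console.log(checkOrigin("https://example.com:8080", sampleWhitelist));
```
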
The origin of incoming requests refers only to the URL scheme, domain name and port. In other words, you can whitelist all cross-origin requests coming from https://example.com:8080 but you can't limit this to specific subdirectories such as https://example.com:8080/my-app. For finer control, you should deploy your app to a dedicated subdomain: