Secure Requester Whitelist


Allows an administrator to specify sites trusted to make JSONP or primitive-XPath REST API requests.


Use Manage Jenkins » Configure Global Security to make this configuration.

  • Allow requests without Referer: if checked, then requests with no HTTP Referer will be allowed.
  • Domains from which to allow requests: a space and/or newline-separated list of domains to allow requests from.

There is on-line help available for each option.


Version 1.5 and newer

See GitHub releases.

Version 1.4 (2019-09-05)

Version 1.3 (2019-05-31)

  • Metadata changes only.

Version 1.2 (Oct 17 2017)

Version 1.1 (Nov 10 2016)

Version 1.0 (Dec 12 2013)

  • Initial release. Relies for now on Jenkins 1.537 so as to use the extension point described in JENKINS-16936.