last sync: 2022-Sep-23 16:35:49 UTC

Azure Policy definition

CORS should not allow every domain to access your API for FHIR

Name CORS should not allow every domain to access your API for FHIR
Azure Portal
Id 0fea8f8a-4169-495d-8307-30ec335f387d
Version 1.1.0
details on versioning
Category API for FHIR
Microsoft docs
Description Cross-Origin Resource Sharing (CORS) should not allow all domains to access your API for FHIR. To protect your API for FHIR, remove access for all domains and explicitly define the domains allowed to connect.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (audit, Audit, disabled, Disabled)
Used RBAC Role none
Rule Aliases IF (1)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.HealthcareApis/services/[*] Microsoft.HealthcareApis services[*] false
Rule ResourceTypes IF (1)
Date/Time (UTC ymd) (i) Change type Change detail
2022-04-01 20:29:14 change Minor (1.0.0 > 1.1.0)
2020-06-23 16:03:25 add 0fea8f8a-4169-495d-8307-30ec335f387d
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State Type
CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de Regulatory Compliance GA BuiltIn
JSON Changes