last sync: 2020-Oct-30 14:31:57 UTC

Azure Policy definition

CORS should not allow every domain to access your API for FHIR

Name: CORS should not allow every domain to access your API for FHIR
Id: 0fea8f8a-4169-495d-8307-30ec335f387d
Version: 1.0.0
Category: API for FHIR
Description: Cross-Origin Resource Sharing (CORS) should not allow all domains to access your API for FHIR. To protect your API for FHIR, remove access for all domains and explicitly define the domains allowed to connect.
Mode: Indexed
Type: BuiltIn
Preview: FALSE
Deprecated: FALSE
Effect: Default: audit; Allowed: (audit, disabled)
Used RBAC Role: none
History:
Date/Time (UTC ymd) | Change type | Change detail
2020-06-23 16:03:25 | add | 0fea8f8a-4169-495d-8307-30ec335f387d
Used in Initiatives: none
Json
{
  "properties": {
    "displayName": "CORS should not allow every domain to access your API for FHIR",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Cross-Origin Resource Sharing (CORS) should not allow all domains to access your API for FHIR. To protect your API for FHIR, remove access for all domains and explicitly define the domains allowed to connect.",
    "metadata": {
      "version": "1.0.0",
      "category": "API for FHIR"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "audit",
          "disabled"
        ],
        "defaultValue": "audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.HealthcareApis/services"
          },
          {
            "not": {
              "field": "Microsoft.HealthcareApis/services/corsConfiguration.origins[*]",
              "notEquals": "*"
            }
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/0fea8f8a-4169-495d-8307-30ec335f387d",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "0fea8f8a-4169-495d-8307-30ec335f387d"
}