AzPolicyAdvertizer

last sync: 2022-May-24 16:30:29 UTC

Azure Policy definition

CORS should not allow every domain to access your API for FHIR

Name

CORS should not allow every domain to access your API for FHIR
Azure Portal

0fea8f8a-4169-495d-8307-30ec335f387d

Version

1.1.0
details on versioning

Category

API for FHIR
Microsoft docs

Description

Cross-Origin Resource Sharing (CORS) should not allow all domains to access your API for FHIR. To protect your API for FHIR, remove access for all domains and explicitly define the domains allowed to connect.

Mode

Indexed

Type

BuiltIn

Preview

FALSE

Deprecated

FALSE

Effect

Default: Audit
Allowed: (audit, Audit, disabled, Disabled)

Used RBAC Role

none

Rule Aliases

IF (1)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.HealthcareApis/services/corsConfiguration.origins[*]	Microsoft.HealthcareApis	services	properties.corsConfiguration.origins[*]	false

Rule ResourceTypes

IF (1)
Microsoft.HealthcareApis/services

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-04-01 20:29:14	change	Minor (1.0.0 > 1.1.0)
2020-06-23 16:03:25	add	0fea8f8a-4169-495d-8307-30ec335f387d

Used in Initiatives

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
CMMC Level 3	b5629c75-5c77-4422-87b9-2509e680f8de	Regulatory Compliance	GA	BuiltIn

JSON Changes

Visual JSON JSON (Annotated)

Show unchanged values

JSON

AzPolicyAdvertizer

Azure Policy definition

CORS should not allow every domain to access your API for FHIR

JSON Left

JSON Right