Name | [Deprecated]: CORS should not allow every resource to access your API App Azure Portal |
||||||||||
Id | 358c20a6-3f9e-4f0e-97ff-c6ce485e2aac | ||||||||||
Version | 1.0.0-deprecated details on versioning |
||||||||||
Category | App Service Microsoft docs |
||||||||||
Description | Cross-Origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app. We recommend all customers who are still using API Apps to implement the built-in policy called 'App Service apps should not have CORS configured to allow every resource to access your apps', which is scoped to include API apps in addition to Web Apps. | ||||||||||
Mode | Indexed | ||||||||||
Type | BuiltIn | ||||||||||
Preview | FALSE | ||||||||||
Deprecated | True | ||||||||||
Effect | Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
||||||||||
RBAC Role(s) |
none | ||||||||||
Rule Aliases |
THEN-ExistenceCondition (1)
|
||||||||||
Rule ResourceTypes |
IF (1) Microsoft.Web/sites |
||||||||||
Compliance | Not a Compliance control | ||||||||||
History |
|
||||||||||
Initiatives usage |
none | ||||||||||
JSON |
|