last sync: 2023-Jun-07 17:44:43 UTC

Azure Policy definition

[Deprecated]: CORS should not allow every resource to access your API App

Name [Deprecated]: CORS should not allow every resource to access your API App
Azure Portal
Id 358c20a6-3f9e-4f0e-97ff-c6ce485e2aac
Version 1.0.0-deprecated
details on versioning
Category App Service
Microsoft docs
Description Cross-Origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app. We recommend all customers who are still using API Apps to implement the built-in policy called 'App Service apps should not have CORS configured to allow every resource to access your apps', which is scoped to include API apps in addition to Web Apps.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated True
Effect Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
RBAC
Role(s)
none
Rule
Aliases
THEN-ExistenceCondition (1)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Web/sites/config/web.cors.allowedOrigins[*] Microsoft.Web sites/config properties.cors.allowedOrigins[*] false
Rule
ResourceTypes
IF (1)
Microsoft.Web/sites
Compliance Not a Compliance control
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-07-01 16:32:34 change Version remains equal, new suffix: deprecated (1.0.0 > 1.0.0-deprecated)
Initiatives
usage
none
JSON