AzPolicyAdvertizer

last sync: 2024-Jul-26 18:17:39 UTC

Function app slots should not have CORS configured to allow every resource to access your apps

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Function app slots should not have CORS configured to allow every resource to access your apps

a1a22235-dd10-4062-bd55-7d62778f41b0

Version

1.0.0
Details on versioning

Category

App Service
Microsoft Learn

Description

Cross-Origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled

RBAC role(s)

none

Rule aliases

THEN-ExistenceCondition (1)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.Web/sites/slots/config/web.cors.allowedOrigins[*]	Microsoft.Web	sites/slots/config	properties.cors.allowedOrigins[*]	True		False

Rule resource types

IF (1)
Microsoft.Web/sites/slots

Compliance

Not a Compliance control

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
[Preview]: Control the use of App Service in a Virtual Enclave	528d78c5-246c-4f26-ade6-d30798705411	VirtualEnclaves	Preview	BuiltIn

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-09-19 17:41:40	add	a1a22235-dd10-4062-bd55-7d62778f41b0

JSON compare

n/a

JSON

api-version=2021-06-01
EPAC