last sync: 2024-May-24 18:03:04 UTC

Function app slots should not have CORS configured to allow every resource to access your apps

Azure BuiltIn Policy definition

Source Azure Portal
Display name Function app slots should not have CORS configured to allow every resource to access your apps
Id a1a22235-dd10-4062-bd55-7d62778f41b0
Version 1.0.0
Details on versioning
Category App Service
Microsoft Learn
Description Cross-Origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (1)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Web/sites/slots/config/web.cors.allowedOrigins[*] Microsoft.Web sites/slots/config properties.cors.allowedOrigins[*] false
Rule resource types IF (1)
Microsoft.Web/sites/slots
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: Control the use of App Service in a Virtual Enclave 528d78c5-246c-4f26-ade6-d30798705411 VirtualEnclaves Preview BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-19 17:41:40 add a1a22235-dd10-4062-bd55-7d62778f41b0
JSON compare n/a
JSON
api-version=2021-06-01
EPAC