AzPolicyAdvertizer

last sync: 2025-Oct-28 18:23:17 UTC

App Service app slots should not have CORS configured to allow every resource to access your apps

Azure BuiltIn Policy definition

Source Azure Portal
Display name App Service app slots should not have CORS configured to allow every resource to access your apps
Id cae7c12e-764b-4c87-841a-fdc6675d196f
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]
Category App Service
Microsoft Learn
Description Cross-Origin Resource Sharing (CORS) should not allow all domains to access your app. Allow only required domains to interact with your app.
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.*.*'
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Web/sites/slots/config/web.cors.allowedOrigins[*] Microsoft.Web sites/slots/config properties.cors.allowedOrigins[*] True False
Rule resource types IF (1)
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Preview]: Control the use of App Service in a Virtual Enclave 528d78c5-246c-4f26-ade6-d30798705411 VirtualEnclaves Preview BuiltIn true
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-19 17:41:40 add cae7c12e-764b-4c87-841a-fdc6675d196f
JSON compare n/a
JSON
api-version=2021-06-01
EPAC