last sync: 2024-May-24 18:03:04 UTC

App Service app slots should not have CORS configured to allow every resource to access your apps

Azure BuiltIn Policy definition

Source Azure Portal
Display name App Service app slots should not have CORS configured to allow every resource to access your apps
Id cae7c12e-764b-4c87-841a-fdc6675d196f
Version 1.0.0
Details on versioning
Category App Service
Microsoft Learn
Description Cross-Origin Resource Sharing (CORS) should not allow all domains to access your app. Allow only required domains to interact with your app.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (1)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Web/sites/slots/config/web.cors.allowedOrigins[*] Microsoft.Web sites/slots/config properties.cors.allowedOrigins[*] false
Rule resource types IF (1)
Microsoft.Web/sites/slots
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: Control the use of App Service in a Virtual Enclave 528d78c5-246c-4f26-ade6-d30798705411 VirtualEnclaves Preview BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-19 17:41:40 add cae7c12e-764b-4c87-841a-fdc6675d196f
JSON compare n/a
JSON
api-version=2021-06-01
EPAC