Cross-Origin Resource Sharing (CORS) should not allow all domains to access your FHIR Service. To protect your FHIR Service, remove access for all domains and explicitly define the domains allowed to connect.
"description": "Cross-Origin Resource Sharing (CORS) should not allow all domains to access your FHIR Service. To protect your FHIR Service, remove access for all domains and explicitly define the domains allowed to connect.",
6
"metadata": {
7
- "version": "1.0.0",
8
"category": "Healthcare APIs"
9
},
10
"parameters": {
11
"effect": {
@@ -15,11 +15,13 @@
15
"description": "Enable or disable the execution of the policy"
16
},
17
"allowedValues": [
18
"audit",
19
- "disabled"
20
],
21
- "defaultValue": "audit"
22
}
23
},
24
"policyRule": {
25
"if": {
3
"policyType": "BuiltIn",
4
"mode": "Indexed",
5
"description": "Cross-Origin Resource Sharing (CORS) should not allow all domains to access your FHIR Service. To protect your FHIR Service, remove access for all domains and explicitly define the domains allowed to connect.",
6
"metadata": {
7
+ "version": "1.1.0",
8
"category": "Healthcare APIs"
9
},
10
"parameters": {
11
"effect": {
15
"description": "Enable or disable the execution of the policy"
displayName: "CORS should not allow every domain to access your FHIR Service",
policyType: "BuiltIn",
mode: "Indexed",
description: "Cross-Origin Resource Sharing (CORS) should not allow all domains to access your FHIR Service. To protect your FHIR Service, remove access for all domains and explicitly define the domains allowed to connect.",