AzPolicyAdvertizer

last sync: 2025-Sep-18 17:23:10 UTC

CORS should not allow every domain to access your FHIR Service

Azure BuiltIn Policy definition

Source Azure Portal
Display name CORS should not allow every domain to access your FHIR Service
Id fe1c9040-c46a-4e81-9aea-c7850fbb3aa6
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Healthcare APIs
Microsoft Learn
Description Cross-Origin Resource Sharing (CORS) should not allow all domains to access your FHIR Service. To protect your FHIR Service, remove access for all domains and explicitly define the domains allowed to connect.
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
audit, Audit, disabled, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.HealthcareApis/workspaces/fhirservices/corsConfiguration.origins[*] Microsoft.HealthcareApis workspaces/fhirservices properties.corsConfiguration.origins[*] True False
Rule resource types IF (1)
Compliance Not a Compliance control
Initiatives usage none
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-04-01 20:29:14 change Minor (1.0.0 > 1.1.0)
2021-09-08 15:39:57 add fe1c9040-c46a-4e81-9aea-c7850fbb3aa6
JSON compare
compare mode: version left: version right:
1.0.0 → 1.1.0 RENAMED
@@ -3,9 +3,9 @@
3
  "policyType": "BuiltIn",
4
  "mode": "Indexed",
5
  "description": "Cross-Origin Resource Sharing (CORS) should not allow all domains to access your FHIR Service. To protect your FHIR Service, remove access for all domains and explicitly define the domains allowed to connect.",
6
  "metadata": {
7
- "version": "1.0.0",
8
  "category": "Healthcare APIs"
9
  },
10
  "parameters": {
11
  "effect": {
@@ -15,11 +15,13 @@
15
  "description": "Enable or disable the execution of the policy"
16
  },
17
  "allowedValues": [
18
  "audit",
 
19
- "disabled"
 
20
  ],
21
- "defaultValue": "audit"
22
  }
23
  },
24
  "policyRule": {
25
  "if": {
 
3
  "policyType": "BuiltIn",
4
  "mode": "Indexed",
5
  "description": "Cross-Origin Resource Sharing (CORS) should not allow all domains to access your FHIR Service. To protect your FHIR Service, remove access for all domains and explicitly define the domains allowed to connect.",
6
  "metadata": {
7
+ "version": "1.1.0",
8
  "category": "Healthcare APIs"
9
  },
10
  "parameters": {
11
  "effect": {
 
15
  "description": "Enable or disable the execution of the policy"
16
  },
17
  "allowedValues": [
18
  "audit",
19
+ "Audit",
20
+ "disabled",
21
+ "Disabled"
22
  ],
23
+ "defaultValue": "Audit"
24
  }
25
  },
26
  "policyRule": {
27
  "if": {
JSON
api-version=2021-06-01
EPAC 
{7 items
  • displayName: "CORS should not allow every domain to access your FHIR Service",
  • policyType: "BuiltIn",
  • mode: "Indexed",
  • description: "Cross-Origin Resource Sharing (CORS) should not allow all domains to access your FHIR Service. To protect your FHIR Service, remove access for all domains and explicitly define the domains allowed to connect.",
  • metadata: {2 items
    • version: "1.1.0",
    • category: "Healthcare APIs"
    },
  • parameters: {1 item},
  • policyRule: {2 items}
}