last sync: 2022-Oct-03 16:35:36 UTC

Azure Policy definition

CORS should not allow every domain to access your FHIR Service

Name CORS should not allow every domain to access your FHIR Service
Azure Portal
Id fe1c9040-c46a-4e81-9aea-c7850fbb3aa6
Version 1.1.0
details on versioning
Category Healthcare APIs
Microsoft docs
Description Cross-Origin Resource Sharing (CORS) should not allow all domains to access your FHIR Service. To protect your FHIR Service, remove access for all domains and explicitly define the domains allowed to connect.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (audit, Audit, disabled, Disabled)
Used RBAC Role none
Rule Aliases IF (1)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.HealthcareApis/workspaces/fhirservices/corsConfiguration.origins[*] Microsoft.HealthcareApis workspaces/fhirservices properties.corsConfiguration.origins[*] false
Rule ResourceTypes IF (1)
Microsoft.HealthcareApis/workspaces/fhirservices
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-04-01 20:29:14 change Minor (1.0.0 > 1.1.0)
2021-09-08 15:39:57 add fe1c9040-c46a-4e81-9aea-c7850fbb3aa6
Used in Initiatives none
JSON Changes

JSON