Ensure CORS disallows resource to access app services

Error: CORS allows resource to access app services

Bridgecrew Policy ID: BC_AZR_GENERAL_48
Checkov Check ID: CKV_AZURE_57
Severity: LOW


Description

Cross-Origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.

Fix - Buildtime

Terraform

  • Resource: azurerm_app_service
  • Argument: cors
resource "azurerm_app_service" "example" {
  ...
  site_config {
+   cors {
+     allowed_origins = ["192.0.0.1"]
+   }
  }
}