Ensure CORS does not allow resources to access function apps

Error: CORS allows resources to access function apps

Bridgecrew Policy ID: BC_AZR_GENERAL_51
Checkov Check ID: CKV_AZURE_62
Severity: LOW

CORS allows resources to access function apps

Description

Cross-Origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.

Fix - Buildtime

Terraform

  • Resource: azurerm_function_app
  • Argument: site_config.cors

  resource "azurerm_function_app" "example" {
    ...
    site_config {
+     cors {
+       allowed_origins = ["192.0.0.1"]
      }
    }
  }
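
The following is an added example, not Checkov's own implementation and not part of the original page: a small Python check (the language Checkov policies are written in) that flags `azurerm_function_app` resources whose `site_config.cors.allowed_origins` contains the wildcard `*` in a plan exported with `terraform show -json`. The sample plan, the resource names and `https://app.example.com` are constructed, and treating `*` as the "all domains" setting is this example's assumption about what the policy targets.

```python
import json
import sys

RESOURCE_TYPE = "azurerm_function_app"


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def wildcard_cors_findings(plan):
    """Return addresses of function apps whose CORS origins include "*"."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        # Nested blocks are rendered as lists of objects in plan JSON.
        for site_config in res.get("values", {}).get("site_config") or []:
            for cors in site_config.get("cors") or []:
                if "*" in (cors.get("allowed_origins") or []):
                    findings.append(res["address"])
    return findings


def app(address, site_config):
    """Build one constructed plan entry (helper for the sample below)."""
    return {"address": address, "type": RESOURCE_TYPE,
            "values": {"site_config": site_config}}


# Constructed sample, shaped like planned_values in `terraform show -json`.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        app("azurerm_function_app.open", [{"cors": [{"allowed_origins": ["*"]}]}]),
        app("azurerm_function_app.pinned",
            [{"cors": [{"allowed_origins": ["https://app.example.com"]}]}]),
        app("azurerm_function_app.no_cors", [{"cors": []}]),  # no origins declared
    ],
    "child_modules": [{"resources": [
        app("module.api.azurerm_function_app.mixed",
            [{"cors": [{"allowed_origins": ["https://app.example.com", "*"]}]}]),
    ]}],
}}}

if __name__ == "__main__":
    # With a path argument, scan that plan JSON file; otherwise scan the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    hits = wildcard_cors_findings(plan)
    print("\n".join(hits) or "no wildcard CORS origins found")
    sys.exit(1 if hits else 0)
```

A single `*` alongside explicit origins is still flagged, since it makes the explicit entries irrelevant.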