AzPolicyAdvertizer

last sync: 2024-Nov-25 18:54:24 UTC

CORS should not allow every domain to access your FHIR Service

Azure BuiltIn Policy definition

Source Azure Portal
Display name CORS should not allow every domain to access your FHIR Service
Id fe1c9040-c46a-4e81-9aea-c7850fbb3aa6
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Healthcare APIs
Microsoft Learn
Description Cross-Origin Resource Sharing (CORS) should not allow all domains to access your FHIR Service. To protect your FHIR Service, remove access for all domains and explicitly define the domains allowed to connect.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
audit, Audit, disabled, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.HealthcareApis/workspaces/fhirservices/corsConfiguration.origins[*] Microsoft.HealthcareApis workspaces/fhirservices properties.corsConfiguration.origins[*] True False
Rule resource types IF (1)
Microsoft.HealthcareApis/workspaces/fhirservices
Compliance Not a Compliance control
Initiatives usage none
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-04-01 20:29:14 change Minor (1.0.0 > 1.1.0)
2021-09-08 15:39:57 add fe1c9040-c46a-4e81-9aea-c7850fbb3aa6
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC