CORS allows resource to access app services
Description
Cross-Origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.
Code Example
```hcl
resource "azurerm_app_service" "example" {
  ...
  site_config {
+   cors {
+     allowed_origins = ["192.0.0.1"]
+   }
  }
}
```
Remediation
Terraform
- Resource: azurerm_app_service
- Arguments: cors
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0566 |
| Severity | LOW |
| IaC Type | arm |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AZURE_57 |