The organization facilitates information sharing by enabling authorized users to determine a business partner's access when discretion is allowed as defined by the organization and by employing manual processes or automated mechanisms to assist users in making information sharing/collaboration decisions
Control: CORS should not allow every resource to access your Web Applications
Cross-Origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.
steampipe check azure_compliance.control.appservice_web_app_cors_no_star
This control uses a named query:appservice_web_app_cors_no_star