Mods

turbot/terraform_azure_compliance

GitHub
Overview
34Dashboards
151Controls
151Queries
0Variables
GitHub
Loading controls...
On This Page
Description
Usage
SQL
Tags
Get Involved
Edit on GitHub
Discuss on Slack

Control: CORS should not allow every resource to access your Web Applications

Description

Cross-Origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.

Usage

Run the control in your terminal:

steampipe check terraform_azure_compliance.control.appservice_web_app_cors_no_star

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share terraform_azure_compliance.control.appservice_web_app_cors_no_star

SQL

This control uses a named query:

appservice_web_app_cors_no_star

Tags

category = Compliance
hipaa_hitrust_v92 = true
nist_sp_800_53_rev_5 = true
plugin = terraform
service = Azure/AppService