CORS allows resource to access app services

Description

Cross-Origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.

Fix - Buildtime

Terraform

  • Resource: azurerm_app_service
  • Argument: cors
resource "azurerm_app_service" "example" {
                 ...                        
                site_config {
+             cors {
+                    allowed_origins = ["192.0.0.1"]
+                                   }
            }
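Review bot: the allowed_origins entry on the added line is a bare IP address ("192.0.0.1"), not an origin. Browsers send the Origin header as scheme://host[:port], so this value would not match a real cross-origin request; list the exact scheme-qualified origins the app needs, for example "https://app.example.com" (a placeholder). The snippet also ends at the closing brace of site_config without closing the resource block.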