CORS allows resources to access function apps

Description

Cross-Origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.

Fix - Buildtime

Terraform

  • Resource: azurerm_function_app
  • Argument: site_config.cors

resource "azurerm_function_app" "example" {
  ...
  site_config {
+   cors {
+     allowed_origins = ["192.0.0.1"]
    }
  }
}
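
A build-time check for this policy, as an added example (not code from the original page or from any scanning tool): it walks `terraform show -json` plan output and reports every `azurerm_function_app` whose `site_config.cors.allowed_origins` contains `*`. The function names and the sample plan are constructed for illustration, and the plan layout (nested blocks as lists under `planned_values`) is assumed.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output
# (planned_values -> root_module -> resources / child_modules).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_function_app.open", "type": "azurerm_function_app",
     "values": {"site_config": [{"cors": [{"allowed_origins": ["*"]}]}]}},
    {"address": "azurerm_function_app.scoped", "type": "azurerm_function_app",
     "values": {"site_config": [{"cors": [{"allowed_origins": ["https://portal.example.com"]}]}]}},
    {"address": "azurerm_function_app.no_cors", "type": "azurerm_function_app",
     "values": {"site_config": [{"cors": []}]}}
  ],
  "child_modules": [{"resources": [
    {"address": "module.api.azurerm_function_app.nested", "type": "azurerm_function_app",
     "values": {"site_config": [{"cors": [{"allowed_origins": ["https://a.example.com", "*"]}]}]}}
  ]}]
}}}
""")


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def wildcard_cors_function_apps(plan):
    """Return addresses of azurerm_function_app resources whose
    site_config.cors.allowed_origins contains "*" (all domains)."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "azurerm_function_app":
            continue
        # Nested blocks appear as lists of objects in plan JSON.
        for site_config in (res.get("values") or {}).get("site_config") or []:
            for cors in site_config.get("cors") or []:
                origins = cors.get("allowed_origins") or []
                if any(o.strip() == "*" for o in origins):
                    findings.append(res["address"])
    return findings


if __name__ == "__main__":
    for address in wildcard_cors_function_apps(SAMPLE_PLAN):
        print(f"FAIL {address}: CORS allows all origins")
```

A wildcard mixed in with specific origins still opens the app to every domain, which is why the nested module resource is reported alongside the plain `["*"]` case.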