Control: App Service apps should not have CORS configured to allow every resource to access your apps
Description
Cross-Origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.appservice_web_app_cors_no_star
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.appservice_web_app_cors_no_star --share
SQL
This control uses a named query:
appservice_web_app_cors_no_star