Azure_AppService_13

Ensure CORS should not allow every resource to access your Web Application

Description

Specify the origins that should be allowed to make cross-origin calls. An entry of "*" means that all origins are allowed, so any site's client-side script can read responses from the Web Application.

Remediation

Perform the following in the Azure Console:

  1. Login to Azure Portal using https://portal.azure.com
  2. Go to App Services
  3. Click on each App
  4. Click on API settings
  5. In Allowed region there should not be "*". Specify only the origins that should be allowed to make cross-origin calls.

Perform the following in Azure Command Line Interface 2.0:

To review the origins that are currently allowed to make cross-origin calls, run the following command:

az webapp cors show --name MyWebApp --resource-group MyResourceGroup

To remove the origin "*", run the following command (the asterisk is quoted so the shell does not expand it as a glob):

az webapp cors remove -g {myRG} -n {myAppName} --allowed-origins "*"
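The commands above check one app at a time. The script below is an added example (not part of this rule text or of the Azure CLI documentation) that applies the same check across a subscription: a small function that inspects the JSON printed by `az webapp cors show` for the wildcard origin, exercised first on constructed sample output and then, in `audit_subscription`, against every web app returned by `az webapp list`. It assumes an authenticated `az` session with read access to the App Services; the sample JSON is constructed and not captured from a real subscription.

```shell
#!/bin/sh
# Return success (0) when a CORS configuration, as printed by
# `az webapp cors show -o json`, contains the wildcard origin "*".
cors_has_wildcard() {
    # allowedOrigins is a JSON array; a bare "*" entry allows every origin.
    # "*.example.com"-style entries do not match, only the exact "*" string.
    printf '%s\n' "$1" | grep -q '"\*"'
}

# Constructed sample outputs (not captured from a real subscription).
SAMPLE_OPEN='{ "allowedOrigins": [ "https://app.example.com", "*" ], "supportCredentials": false }'
SAMPLE_OK='{ "allowedOrigins": [ "https://app.example.com" ], "supportCredentials": false }'

# Audit every web app in the current subscription and report the ones that
# allow all origins. Requires an authenticated `az` session.
audit_subscription() {
    az webapp list --query "[].[name, resourceGroup]" -o tsv |
    while read -r name rg; do
        cors=$(az webapp cors show --name "$name" --resource-group "$rg" -o json)
        if cors_has_wildcard "$cors"; then
            echo "NONCOMPLIANT: $name ($rg) allows all origins"
        else
            echo "ok: $name ($rg)"
        fi
    done
}

# Uncomment to run against the signed-in subscription:
# audit_subscription
```

Run the script after `az login`; each NONCOMPLIANT line names an app and resource group that can be passed to the `az webapp cors remove` command shown above.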

  1. https://docs.microsoft.com/en-us/cli/azure/webapp/cors?view=azure-cli-latest

Service

AppService

Severity

Medium

Compliance

Mapping
