Azure > App Service >

Access Control Allow Credential Enabled

MEDIUM

Source

CloudSploit

ID

access-control-allow-credential-enabled

management console

Access Control Allow Credential Enabled

Esures that App Service has Access Control Allow Credentials enabled with CORS

Enabling Access-Control-Allow-Credentials with CORS (Cross-Origin Resource Sharing) ensures secure access to resources across different domains, allowing the secure exchange of sensitive information such as cookies or authorization headers.

Recommended Actions

Enable Access Control Allow Credentials for all App Services.

Links

https://learn.microsoft.com/en-us/azure/container-apps/cors

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.

Copyright © 2024 Aqua Security Software Ltd. Privacy Policy | Terms of Use