diff --git a/specification/app/resource-manager/Microsoft.App/stable/2022-10-01/ContainerApps.json b/specification/app/resource-manager/Microsoft.App/stable/2022-10-01/ContainerApps.json
index 9d1269f9f26f..c096485adbf4 100644
--- a/specification/app/resource-manager/Microsoft.App/stable/2022-10-01/ContainerApps.json
+++ b/specification/app/resource-manager/Microsoft.App/stable/2022-10-01/ContainerApps.json
@@ -782,6 +782,23 @@
           "x-ms-identifiers": [
             "name"
           ]
+        },
+        "clientCertificateMode": {
+          "description": "Client certificate mode for mTLS authentication. Ignore indicates server drops client certificate on forwarding. Accept indicates server forwards client certificate but does not require a client certificate. Require indicates server requires a client certificate.",
+          "enum": [
+            "ignore",
+            "accept",
+            "require"
+          ],
+          "type": "string",
+          "x-ms-enum": {
+            "name": "IngressClientCertificateMode",
+            "modelAsString": true
+          }
+        },
+        "corsPolicy": {
+          "description": "CORS policy for container app",
+          "$ref": "#/definitions/CorsPolicy"
         }
       }
     },
@@ -932,6 +949,52 @@
         }
       }
     },
+    "CorsPolicy": {
+      "description": "Cross-Origin-Resource-Sharing policy",
+      "type": "object",
+      "required": [
+        "allowedOrigins"
+      ],
+      "properties": {
+        "allowedOrigins": {
+          "description": "allowed origins",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "allowedMethods": {
+          "description": "allowed HTTP methods",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "allowedHeaders": {
+          "description": "allowed HTTP headers",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "exposeHeaders": {
+          "description": "expose HTTP headers ",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "maxAge": {
+          "format": "int32",
+          "description": "max time client can cache the result",
+          "type": "integer"
+        },
+        "allowCredentials": {
+          "description": "allow credential or not",
+          "type": "boolean"
+        }
+      }
+    },
     "CustomHostnameAnalysisResult": {
       "description": "Custom domain analysis.",
       "type": "object",
diff --git a/specification/app/resource-manager/Microsoft.App/stable/2022-10-01/examples/ContainerApps_CreateOrUpdate.json b/specification/app/resource-manager/Microsoft.App/stable/2022-10-01/examples/ContainerApps_CreateOrUpdate.json
index 6fefb87ed3b5..9b31e79d9bb5 100644
--- a/specification/app/resource-manager/Microsoft.App/stable/2022-10-01/examples/ContainerApps_CreateOrUpdate.json
+++ b/specification/app/resource-manager/Microsoft.App/stable/2022-10-01/examples/ContainerApps_CreateOrUpdate.json
@@ -46,7 +46,28 @@
                 "ipAddressRange": "192.168.1.1/8",
                 "action": "Allow"
               }
-            ]
+            ],
+            "clientCertificateMode": "accept",
+            "corsPolicy": {
+              "allowedOrigins": [
+                "https://a.test.com",
+                "https://b.test.com"
+              ],
+              "allowedMethods": [
+                "GET",
+                "POST"
+              ],
+              "allowedHeaders": [
+                "HEADER1",
+                "HEADER2"
+              ],
+              "exposeHeaders": [
+                "HEADER3",
+                "HEADER4"
+              ],
+              "maxAge": 1234,
+              "allowCredentials": true
+            }
           },
           "dapr": {
             "enabled": true,