Challenge - 5 Problems

🎖️

CORS Mastery Badge

Get all challenges correct to earn this badge!

Test your skills under time pressure!

❓ component_behavior

intermediate

2:00remaining

What is the output when a request from 'http://example.com' is made?

Given this Express server code configuring CORS origins, what will happen when a request comes from 'http://example.com'?

Express

const express = require('express');
const cors = require('cors');
const app = express();

const allowedOrigins = ['http://example.com', 'http://localhost:3000'];

app.use(cors({
  origin: function(origin, callback) {
    if (!origin || allowedOrigins.includes(origin)) {
      callback(null, true);
    } else {
      callback(new Error('Not allowed by CORS'));
    }
  }
}));

app.get('/', (req, res) => {
  res.send('Hello World');
});

app.listen(3000);

AThe request succeeds and the server responds with 'Hello World'.

BThe request fails with a CORS error because 'http://example.com' is not allowed.

CThe server crashes due to a syntax error in the CORS configuration.

DThe request succeeds but the response is blocked by the browser due to missing headers.

Attempts:

2 left

📝 Syntax

intermediate

2:00remaining

Which option correctly configures CORS to allow only 'http://myapp.com'?

Select the correct CORS middleware configuration to allow requests only from 'http://myapp.com'.

Aapp.use(cors({ origin: function(origin) { return origin === 'http://myapp.com'; } }));

Bapp.use(cors({ origin: ['http://myapp.com'] }));

Capp.use(cors({ origin: 'http://myapp.com' }));

Dapp.use(cors({ origin: true }));

Attempts:

2 left

🔧 Debug

advanced

2:30remaining

Why does this CORS configuration block all requests?

Analyze the code below. Why does it block all cross-origin requests?

Express

const allowedOrigins = ['http://site1.com', 'http://site2.com'];

app.use(cors({
  origin: function(origin, callback) {
    if (allowedOrigins.indexOf(origin) >= 0) {
      callback(null, true);
    } else {
      callback(new Error('Not allowed by CORS'));
    }
  }
}));

AThe allowedOrigins array is empty, so no origins are allowed.

BThe condition 'allowedOrigins.indexOf(origin)' returns 0 for the first origin, which is falsy, so it blocks it.

CThe callback is never called, causing the request to hang.

DThe origin parameter is undefined, so the check fails.

Attempts:

2 left

❓ state_output

advanced

2:00remaining

What is the value of 'allowedOrigins' after this code runs?

Consider this code snippet. What is the final value of the 'allowedOrigins' variable?

Express

let allowedOrigins = ['http://a.com', 'http://b.com'];

allowedOrigins.push('http://c.com');
allowedOrigins = allowedOrigins.filter(origin => origin !== 'http://b.com');

A['http://a.com', 'http://c.com']

B['http://b.com', 'http://c.com']

C['http://a.com', 'http://b.com', 'http://c.com']

D['http://a.com']

Attempts:

2 left

🧠 Conceptual

expert

3:00remaining

Which statement best explains why configuring allowed origins is important in Express apps?

Why do developers configure allowed origins in Express applications using CORS middleware?

ATo improve server performance by limiting the number of incoming requests from certain origins.

BTo automatically authenticate users based on their origin domain.

CTo enable the server to accept requests only from the same origin, blocking all cross-origin requests by default.

DTo restrict which websites can make requests to the server, enhancing security by preventing unauthorized cross-origin access.

Attempts:

2 left