0
0
Expressframework~10 mins

Configuring allowed origins in Express - Interactive Practice

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Practice - 5 Tasks
Answer the questions below
1fill in blank
easy

Complete the code to import the CORS middleware.

Express
const cors = require('[1]');
Drag options to blanks, or click blank then click option'
Acors
Bexpress
Chttp
Dpath
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'express' instead of 'cors' for CORS middleware.
Forgetting to install the 'cors' package before requiring it.
2fill in blank
medium

Complete the code to allow all origins using CORS middleware.

Express
app.use(cors({ origin: [1] }));
Drag options to blanks, or click blank then click option'
A'*'
Btrue
Cnull
Dfalse
Attempts:
3 left
💡 Hint
Common Mistakes
Using boolean true instead of '*' to allow all origins.
Setting origin to false disables CORS.
3fill in blank
hard

Fix the error in the code to allow only 'http://example.com' origin.

Express
app.use(cors({ origin: [1] }));
Drag options to blanks, or click blank then click option'
Ahttp://example.com
B'http://example.com'
C['http://example.com']
Dtrue
Attempts:
3 left
💡 Hint
Common Mistakes
Using an array instead of a string for a single origin.
Not quoting the URL string.
4fill in blank
hard

Fill both blanks to allow only 'http://site1.com' and 'http://site2.com' origins.

Express
const allowedOrigins = [[1], [2]];
app.use(cors({ origin: function(origin, callback) {
  if (!origin || allowedOrigins.indexOf(origin) !== -1) {
    callback(null, true);
  } else {
    callback(new Error('Not allowed by CORS'));
  }
}}));
Drag options to blanks, or click blank then click option'
A'http://site1.com'
B'http://site2.com'
C'http://example.com'
D'http://localhost:3000'
Attempts:
3 left
💡 Hint
Common Mistakes
Using unquoted URLs in the array.
Including origins not specified in the allowed list.
5fill in blank
hard

Fill all three blanks to configure CORS with multiple allowed origins and enable credentials.

Express
const allowed = [[1], [2]];
app.use(cors({
  origin: function(origin, callback) {
    if (!origin || allowed.indexOf(origin) !== -1) {
      callback(null, true);
    } else {
      callback(new Error('CORS not allowed'));
    }
  },
  [3]: true
}));
Drag options to blanks, or click blank then click option'
A'http://myapp.com'
B'http://yourapp.com'
Ccredentials
Dmethods
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'methods' instead of 'credentials' to enable credentials.
Not quoting the URLs in the array.