0
0
Expressframework~20 mins

cors middleware setup in Express - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Challenge - 5 Problems
🎖️
CORS Mastery Badge
Get all challenges correct to earn this badge!
Test your skills under time pressure!
component_behavior
intermediate
2:00remaining
What is the output when CORS middleware allows only example.com?

Consider this Express server setup using CORS middleware:

import express from 'express';
import cors from 'cors';

const app = express();

app.use(cors({ origin: 'https://example.com' }));

app.get('/', (req, res) => {
  res.send('Hello World');
});

app.listen(3000);

What happens if a browser from https://notallowed.com tries to fetch data from this server?

AThe server responds normally and the browser accepts the response.
BThe browser blocks the response due to CORS policy.
CThe server returns a 404 error.
DThe server crashes with an error.
Attempts:
2 left
💡 Hint

Think about what CORS does when the origin is not in the allowed list.

📝 Syntax
intermediate
2:00remaining
Which option correctly sets up CORS to allow all origins?

Which of the following code snippets correctly configures the Express CORS middleware to allow requests from any origin?

Aapp.use(cors());
Bapp.use(cors({ origin: null }));
Capp.use(cors({ origin: '*' }));
Dapp.use(cors({ origin: false }));
Attempts:
2 left
💡 Hint

Check the default behavior of the CORS middleware when no options are passed.

🔧 Debug
advanced
2:00remaining
Why does this CORS setup cause a runtime error?

Examine this Express server code snippet:

import express from 'express';
import cors from 'cors';

const app = express();

app.use(cors({ origin: '*', credentials: true }));

app.get('/', (req, res) => {
  res.send('Hello');
});

app.listen(3000);

When running this code, the server crashes with an error related to the CORS origin option. Why?

AThe CORS middleware does not support HTTPS URLs.
BThe app.listen call is missing a callback function.
CThe origin array must be wrapped inside another object.
DThe origin '*' cannot be used when credentials: true.
Attempts:
2 left
💡 Hint

Check the compatibility between origin and credentials options.

🧠 Conceptual
advanced
2:00remaining
What is the purpose of the 'optionsSuccessStatus' option in CORS middleware?

In the CORS middleware configuration, what does setting optionsSuccessStatus do?

AIt sets the HTTP status code sent for successful OPTIONS preflight requests.
BIt specifies the allowed HTTP methods for CORS.
CIt disables CORS for OPTIONS requests.
DIt defines the maximum age for caching CORS headers.
Attempts:
2 left
💡 Hint

Think about how browsers check permissions before sending actual requests.

state_output
expert
2:00remaining
What is the value of the 'Access-Control-Allow-Origin' header for this request?

Given this Express server code:

import express from 'express';
import cors from 'cors';

const app = express();

const whitelist = ['https://allowed.com', 'https://trusted.com'];

app.use(cors({
  origin: (origin, callback) => {
    if (!origin || whitelist.includes(origin)) {
      callback(null, true);
    } else {
      callback(new Error('Not allowed by CORS'));
    }
  }
}));

app.get('/', (req, res) => {
  res.send('Welcome');
});

app.listen(3000);

If a request comes from https://allowed.com, what will be the value of the Access-Control-Allow-Origin header in the response?

Aundefined (header not set)
B'*'
C'https://allowed.com'
D'https://trusted.com'
Attempts:
2 left
💡 Hint

Look at how the origin callback controls allowed origins.