0
0
Expressframework~20 mins

Why CORS matters for APIs in Express - Challenge Your Understanding

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Challenge - 5 Problems
🎖️
CORS Mastery Badge
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
2:00remaining
What is the main purpose of CORS in APIs?
Why do APIs implement CORS (Cross-Origin Resource Sharing)?
ATo allow web pages from different origins to access API resources securely
BTo speed up API response times by caching data
CTo encrypt API data during transmission
DTo restrict API access only to mobile devices
Attempts:
2 left
💡 Hint
Think about how browsers control access to resources from different websites.
component_behavior
intermediate
2:00remaining
What happens if an API does not set CORS headers?
Consider a browser-based app trying to fetch data from an API that does not send CORS headers. What will happen?
AThe API response is cached indefinitely
BThe browser blocks the response and shows a CORS error
CThe API returns a 404 Not Found error
DThe browser automatically adds CORS headers to the request
Attempts:
2 left
💡 Hint
Browsers enforce CORS to protect users from malicious sites.
📝 Syntax
advanced
2:00remaining
Which Express code snippet correctly enables CORS for all origins?
Choose the Express.js code that properly enables CORS for any website to access the API.
Express
const express = require('express');
const app = express();
// Which code below enables CORS for all origins?
Aapp.use((req, res, next) => { res.setHeader('Access-Control-Allow-Origin', '*'); next(); });
Bapp.use(cors({ origin: 'http://example.com' }));
Capp.use(cors({ origin: '*' }));
Dapp.use((req, res) => { res.header('Access-Control-Allow-Origin', 'none'); next(); });
Attempts:
2 left
💡 Hint
Look for the code that sets the header to allow all origins.
🔧 Debug
advanced
2:00remaining
Why does this Express CORS setup cause errors?
Given this Express code, why might CORS errors still occur? const cors = require('cors'); app.use((req, res) => { res.send('Hello'); }); app.use(cors());
ABecause the app does not listen on a port
BBecause the response is sent before CORS headers are set
CBecause the cors package is not installed
DBecause cors() middleware is not called before routes
Attempts:
2 left
💡 Hint
Middleware order matters in Express.
state_output
expert
2:00remaining
What is the output of this Express CORS preflight handling code?
What response headers will the server send when a browser sends an OPTIONS preflight request to this Express API? const express = require('express'); const app = express(); app.use((req, res, next) => { if (req.method === 'OPTIONS') { res.setHeader('Access-Control-Allow-Origin', 'https://example.com'); res.setHeader('Access-Control-Allow-Methods', 'GET,POST'); res.setHeader('Access-Control-Allow-Headers', 'Content-Type'); return res.status(204).end(); } next(); }); app.get('/', (req, res) => res.send('OK')); // Assume a browser sends OPTIONS request from https://example.com
AStatus 404 Not Found with no headers
BStatus 200 with body 'OK' and no CORS headers
CStatus 204 with headers: Access-Control-Allow-Origin: https://example.com, Access-Control-Allow-Methods: GET,POST, Access-Control-Allow-Headers: Content-Type
DStatus 500 Internal Server Error due to missing next() call
Attempts:
2 left
💡 Hint
Preflight requests use OPTIONS method and expect specific CORS headers.