Challenge - 5 Problems

🎖️

CORS Mastery Badge

Get all challenges correct to earn this badge!

Test your skills under time pressure!

❓ component_behavior

intermediate

2:00remaining

What is the effect of this CORS middleware configuration?

Consider this FastAPI app snippet with CORS middleware added. What will be the behavior regarding cross-origin requests?

FastAPI

from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware

app = FastAPI()

app.add_middleware(
    CORSMiddleware,
    allow_origins=["https://example.com"],
    allow_methods=["GET", "POST"],
    allow_headers=["X-Custom-Header"],
)

@app.get("/")
async def root():
    return {"message": "Hello"}

AOnly GET and POST requests from https://example.com with header X-Custom-Header are allowed cross-origin.

BAll origins can send any method requests with any headers cross-origin.

CNo cross-origin requests are allowed because allow_credentials is not set.

DOnly GET requests from any origin are allowed cross-origin.

Attempts:

2 left

📝 Syntax

intermediate

2:00remaining

Which option correctly adds CORS middleware allowing all origins and methods?

Select the correct code snippet to add CORS middleware in FastAPI that allows all origins and all HTTP methods.

FastAPI

from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware

app = FastAPI()

# Add CORS middleware here

Aapp.add_middleware(CORSMiddleware, allow_origins=["*"], allow_methods=["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"])

Bapp.add_middleware(CORSMiddleware, allow_origins=["*"], allow_methods=["*"])

Capp.add_middleware(CORSMiddleware, allow_origins=["*"], allow_methods=["GET", "POST", "PUT", "DELETE"])

Dapp.add_middleware(CORSMiddleware, allow_origins="*", allow_methods="*")

Attempts:

2 left

🔧 Debug

advanced

2:00remaining

Why does this FastAPI app still block cross-origin requests despite adding CORS middleware?

Review the code and identify why cross-origin requests are blocked even though CORS middleware is added.

FastAPI

from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware

app = FastAPI()

app.add_middleware(
    CORSMiddleware,
    allow_origins=["https://allowed.com"],
    allow_methods=["GET", "POST"],
    allow_headers=["*"],
    allow_credentials=True
)

@app.get("/")
async def root():
    return {"message": "Hello"}

Aallow_credentials=True requires allow_origins to be set to ["*"] to work properly.

BThe allow_headers parameter set to ["*"] causes a syntax error, blocking requests.

CThe frontend is sending requests from a different origin than https://allowed.com, so they are blocked.

DThe middleware must be added after all route definitions to work.

Attempts:

2 left

🧠 Conceptual

advanced

2:00remaining

What is the purpose of the allow_credentials parameter in FastAPI's CORS middleware?

Select the best explanation for what setting allow_credentials=True does in FastAPI's CORS middleware.

AIt automatically adds Access-Control-Allow-Origin: * header to all responses.

BIt disables all CORS protections and allows any cross-origin request.

CIt restricts cross-origin requests to only those using HTTPS protocol.

DIt allows cookies, authorization headers, or TLS client certificates to be included in cross-origin requests.

Attempts:

2 left

❓ state_output

expert

2:00remaining

What is the value of the Access-Control-Allow-Methods header in this FastAPI response?

Given this FastAPI app with CORS middleware, what will be the exact value of the Access-Control-Allow-Methods header in the preflight OPTIONS response?

FastAPI

from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware

app = FastAPI()

app.add_middleware(
    CORSMiddleware,
    allow_origins=["https://site1.com", "https://site2.com"],
    allow_methods=["GET", "POST"],
    allow_headers=["Content-Type", "Authorization"]
)

@app.options("/")
async def options():
    return {"status": "ok"}

A"GET, POST"

B"GET,POST"

C"GET"

D"*"

Attempts:

2 left