0
0
NestJSframework~20 mins

Third-party middleware (cors, helmet) in NestJS - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Challenge - 5 Problems
🎖️
Middleware Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
component_behavior
intermediate
2:00remaining
What is the effect of enabling Helmet middleware in a NestJS app?

Consider a NestJS application where Helmet middleware is enabled globally. What does Helmet primarily do for your app?

NestJS
import helmet from 'helmet';
import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module';

async function bootstrap() {
  const app = await NestFactory.create(AppModule);
  app.use(helmet());
  await app.listen(3000);
}
bootstrap();
AIt logs all incoming requests to the console for debugging.
BIt adds security headers to HTTP responses to protect against common web vulnerabilities.
CIt compresses HTTP responses to reduce bandwidth usage.
DIt enables Cross-Origin Resource Sharing (CORS) for all domains by default.
Attempts:
2 left
💡 Hint

Think about what security headers do in web apps.

📝 Syntax
intermediate
2:00remaining
Which code snippet correctly enables CORS with specific origin in NestJS?

You want to enable CORS only for the origin 'https://example.com' in your NestJS app. Which code snippet does this correctly?

Aapp.enableCors({ origin: 'https://example.com' });
Bapp.use(cors({ origin: 'https://example.com' }));
Capp.enableCors('https://example.com');
Dapp.use(cors('https://example.com'));
Attempts:
2 left
💡 Hint

Check the NestJS method for enabling CORS with options.

🔧 Debug
advanced
2:00remaining
Why does this NestJS app fail to apply Helmet middleware correctly?

Review the code below. The app does not seem to have Helmet security headers applied. What is the cause?

NestJS
import helmet from 'helmet';
import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module';

async function bootstrap() {
  const app = await NestFactory.create(AppModule);
  app.use(helmet);
  await app.listen(3000);
}
bootstrap();
AThe app.listen call must come before app.use to apply middleware.
BHelmet must be imported from '@nestjs/helmet' instead of 'helmet'.
CHelmet is passed as a function reference instead of being called, so middleware is not applied.
DHelmet middleware requires async/await when used with app.use.
Attempts:
2 left
💡 Hint

Check how middleware functions are passed in Express-based frameworks.

state_output
advanced
2:00remaining
What headers are present after enabling Helmet in NestJS?

After enabling Helmet middleware with default settings in a NestJS app, which HTTP header will NOT be present in the response?

NestJS
app.use(helmet());
AX-Content-Type-Options
BX-DNS-Prefetch-Control
CX-Frame-Options
DAccess-Control-Allow-Origin
Attempts:
2 left
💡 Hint

Helmet sets security headers, but CORS headers come from a different middleware.

🧠 Conceptual
expert
3:00remaining
How do CORS and Helmet middleware complement each other in NestJS?

In a NestJS app, both CORS and Helmet middleware are enabled. What best describes how they work together?

ACORS controls which external domains can access resources; Helmet adds security headers to protect the app from attacks.
BBoth CORS and Helmet handle cross-origin requests but Helmet also compresses responses.
CHelmet replaces CORS functionality by adding headers that allow all origins by default.
DCORS middleware encrypts requests; Helmet middleware decrypts them.
Attempts:
2 left
💡 Hint

Think about the purpose of CORS and security headers separately.