0
0
NestJSframework~20 mins

CORS configuration in NestJS - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Challenge - 5 Problems
🎖️
CORS Mastery in NestJS
Get all challenges correct to earn this badge!
Test your skills under time pressure!
component_behavior
intermediate
2:00remaining
What is the effect of this CORS configuration in NestJS?
Consider this NestJS setup for CORS:
const app = await NestFactory.create(AppModule);
app.enableCors({
  origin: 'https://example.com',
  methods: 'GET,POST',
  credentials: true
});
await app.listen(3000);

What will happen if a browser tries to send a PUT request from https://example.com?
NestJS
const app = await NestFactory.create(AppModule);
app.enableCors({
  origin: 'https://example.com',
  methods: 'GET,POST',
  credentials: true
});
await app.listen(3000);
AThe PUT request will be redirected to GET automatically.
BThe PUT request will succeed because origin matches.
CThe PUT request will succeed but credentials will be ignored.
DThe PUT request will be blocked by CORS policy.
Attempts:
2 left
💡 Hint
Check which HTTP methods are allowed in the CORS config.
📝 Syntax
intermediate
2:00remaining
Which option correctly enables CORS for multiple origins in NestJS?
You want to allow CORS requests from 'https://site1.com' and 'https://site2.com'. Which code snippet correctly configures this?
Aapp.enableCors({ origin: /https:\/\/site[12]\.com/ });
Bapp.enableCors({ origin: 'https://site1.com, https://site2.com' });
Capp.enableCors({ origin: ['https://site1.com', 'https://site2.com'] });
Dapp.enableCors({ origin: true });
Attempts:
2 left
💡 Hint
Check the type of the 'origin' option for multiple domains.
🔧 Debug
advanced
2:00remaining
Why does this NestJS CORS config cause all requests to fail?
Given this code:
app.enableCors({
  origin: (origin, callback) => {
    if (origin === 'https://allowed.com') {
      callback(null, true);
    } else {
      callback(new Error('Not allowed by CORS'));
    }
  }
});

All requests from any origin fail with CORS error. Why?
NestJS
app.enableCors({
  origin: (origin, callback) => {
    if (origin === 'https://allowed.com') {
      callback(null, true);
    } else {
      callback(new Error('Not allowed by CORS'));
    }
  }
});
AThe callback must be called with false to deny, not an Error.
BThe origin check is case-sensitive and fails for 'https://allowed.com'.
CThe origin function must return a boolean, not use callback.
DThe callback error should be null to deny access, not an Error object.
Attempts:
2 left
💡 Hint
Check how the callback signals denial in CORS origin function.
state_output
advanced
2:00remaining
What is the value of the 'Access-Control-Allow-Credentials' header with this config?
In NestJS, you configure CORS as:
app.enableCors({
  origin: 'https://client.com',
  credentials: false
});

What will be the value of the 'Access-Control-Allow-Credentials' header in the response?
NestJS
app.enableCors({
  origin: 'https://client.com',
  credentials: false
});
AThe header will be 'Access-Control-Allow-Credentials: true'.
BThe header will be missing (not sent).
CThe header will be 'Access-Control-Allow-Credentials: false'.
DThe header will be 'Access-Control-Allow-Credentials: null'.
Attempts:
2 left
💡 Hint
Check if the header is sent when credentials is false.
🧠 Conceptual
expert
2:00remaining
Which statement about NestJS CORS configuration is TRUE?
Select the true statement about how NestJS handles CORS configuration:
AUsing a function for 'origin' allows dynamic origin validation per request.
BSetting 'origin' to true allows requests from any origin and sends credentials by default.
CThe 'methods' option defaults to all HTTP methods if omitted.
DSetting 'credentials' to true automatically sets 'Access-Control-Allow-Origin' to '*'.
Attempts:
2 left
💡 Hint
Think about dynamic origin checks and default behaviors.