Code Room
Code reviewMedium
Question
Review this Express CORS configuration for an authenticated API.
What a strong answer looks like
Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.
Learn the concepts
app.use((req, res, next) => { res.header('Access-Control-Allow-Origin', req.headers.origin || '*'); res.header('Access-Control-Allow-Credentials', 'true'); res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization'); next();}); app.get('/api/me', requireSession, (req, res) => { res.json({ id: req.user.id, email: req.user.email });});Run or narrate your approach, then ask the coach.