Code Room
Code review, Medium, cr-g560
Subject: Security, access control, cors
Level: Mid–Senior
~18 min
Common in Security interviews
Industries: Software development, Technology

Question

Review this Express CORS configuration for an authenticated API.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (javascript)

```javascript
app.use((req, res, next) => {
  res.header('Access-Control-Allow-Origin', req.headers.origin || '*');
  res.header('Access-Control-Allow-Credentials', 'true');
  res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
  next();
});

app.get('/api/me', requireSession, (req, res) => {
  res.json({ id: req.user.id, email: req.user.email });
});
```
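One concrete fix a review could propose for the configuration above, as an added example that is not part of the original question: echo the Origin only when it exactly matches an allowlist, and send no CORS headers otherwise. The names `corsAllowlist`, `simulate` and the `example.com` origins are assumptions made for illustration.

```javascript
// Added example: allowlist-based CORS middleware (Express-compatible signature).
// The origins below are constructed placeholders, not values from the page.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);

function corsAllowlist(allowed) {
  return function cors(req, res, next) {
    const origin = req.headers.origin;

    // The response varies by Origin, so shared caches must key on it.
    res.setHeader('Vary', 'Origin');

    // Exact string match only: no substring, suffix or regex checks, and the
    // literal "null" origin is never allowlisted.
    if (origin && allowed.has(origin)) {
      res.setHeader('Access-Control-Allow-Origin', origin);
      res.setHeader('Access-Control-Allow-Credentials', 'true');
      res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
    }
    // Unknown or missing Origin: emit no CORS headers, so the browser
    // refuses to expose the credentialed response to the calling page.

    // Answer preflights here so they never reach session-protected handlers.
    if (req.method === 'OPTIONS') {
      res.statusCode = 204;
      return res.end();
    }
    next();
  };
}

// Minimal stand-in for an Express response, used to exercise the middleware
// without a running server.
function simulate(method, origin) {
  const headers = {};
  const res = {
    statusCode: 200, ended: false,
    setHeader(k, v) { headers[k.toLowerCase()] = v; },
    end() { this.ended = true; },
  };
  let passed = false;
  const req = { method, headers: origin ? { origin } : {} };
  corsAllowlist(ALLOWED_ORIGINS)(req, res, () => { passed = true; });
  return { headers, status: res.statusCode, passed };
}
```

CORS headers only decide whether the calling page may read the response; the request itself still reaches the server, so state-changing routes need their own CSRF defence.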