Code Room
Code reviewMediumcr-p037
Subject SecurityLevel Mid–Senior~18 minCommon in Security interviewsIndustries Software development

Question

Review this CORS configuration on an API that uses cookie auth.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to reviewpython
response.headers['Access-Control-Allow-Origin'] = '*'response.headers['Access-Control-Allow-Credentials'] = 'true'
Run or narrate your approach, then ask the coach.