AI and CORS Errors: Why the Browser Blocks Your Fetch

End-of-lesson check

15 questions · take it digitally for instant feedback at tendril.neural-forge.io/learn/quiz/end-builders-ai-coding-AI-and-cors-errors-teen

1. What does the acronym CORS stand for?

   1. Client-Oriented Response System
   2. Computer Online Resource System
   3. Cross-Origin Request Security
   4. Cross-Origin Resource Sharing

2. Where is CORS configured?

   1. In the HTML file
   2. On the server that provides the data
   3. In a CSS stylesheet
   4. In the browser's settings menu

3. A fetch request from your website to an API on a different domain fails with a CORS error. What header should be added to fix it?

   1. Authorization
   2. X-Frame-Options
   3. Content-Type
   4. Access-Control-Allow-Origin

4. Why is using '*' (wildcard) for Access-Control-Allow-Origin potentially dangerous in production?

   1. It slows down the server significantly
   2. It prevents mobile devices from connecting
   3. It allows any website to access your API, which could expose sensitive data
   4. It automatically deletes old data

5. What is a preflight request in the context of CORS?

   1. A backup request sent if the first one fails
   2. A request that prefetches data to improve performance
   3. A request that loads faster because it skips security checks
   4. An OPTIONS request sent by the browser before the actual request to check permissions

6. How can an AI help you debug a CORS error?

   1. By reading the error message and telling you exactly which header to add
   2. By deleting the code that caused the error
   3. By fixing the error automatically without any information
   4. By converting your website to a mobile app

7. In web development, what does the term 'origin' refer to?

   1. The combination of protocol, domain, and port that identifies a website
   2. The main developer on a team
   3. The starting point of a data file
   4. The root folder of a project

8. Which type of HTTP request is used for a preflight check?

   1. DELETE
   2. POST
   3. GET
   4. OPTIONS

9. You are building an API with Express. How can AI assist with CORS?

   1. By writing your HTML and CSS
   2. By adding CORS middleware to your Express route
   3. By testing your API performance
   4. By designing your database schema

10. What would happen if you try to set CORS rules only on the client side (in JavaScript)?

    1. Nothing—the browser will still block the request because CORS is server-side
    2. The browser will allow all requests
    3. The data will be encrypted automatically
    4. The request will work but be very slow

11. What distinguishes a 'simple request' from one that triggers a preflight?

    1. Simple requests use only safe methods and standard headers, avoiding preflight
    2. Simple requests can be made from any website
    3. Simple requests work without any internet connection
    4. Simple requests are faster because they skip error checking

12. Why does the browser enforce CORS rules rather than letting developers choose?

    1. Because CORS only works with paid APIs
    2. To protect users from malicious websites stealing their data
    3. Because browsers are too slow to process other types of requests
    4. To force developers to use only one domain

13. You paste a CORS error to AI and it suggests adding 'Access-Control-Allow-Origin: *'. When is this appropriate?

    1. During development when you want to test from any domain
    2. When you want to block all traffic
    3. When your API only accepts images
    4. When building a paid product

14. What causes a browser to show a CORS error in the console?

    1. The website has too many images
    2. The API response is in JSON format
    3. The user has JavaScript disabled
    4. The server's response lacks the required Access-Control headers

15. Which statement best describes what CORS prevents?

    1. A malicious website from making requests to another site on a user's behalf
    2. Webpages from loading too many images
    3. APIs from sending too much data
    4. Servers from running out of memory