Cross Origin Resource Sharing Language Collocations
Practise the standard verbs for configuring CORS safely.
0 / 5 completed
1 / 5
Fill in: 'We ___ a strict allow-list of origins instead of reflecting whatever Origin header a request sends.'
We 'configure' an allow-list — the standard collocation for setting up CORS policy. The other options aren't idiomatic here.
2 / 5
Fill in: 'A wildcard origin combined with credentials can ___ a serious cross-site data leak.'
We say misconfiguration will 'create' a leak — the standard, simple collocation for the resulting vulnerability. The other options aren't idiomatic here.
3 / 5
Fill in: 'We ___ a preflight request before the browser sends the actual cross-origin call.'
We 'handle a preflight' — the standard, established CORS collocation for responding to the OPTIONS check. The other options aren't the recognised term here.
4 / 5
Fill in: 'We ___ only the specific headers and methods a client actually needs, not everything by default.'
We 'expose' headers — the standard, established CORS collocation for permitting client access to response headers. The other options aren't the recognised term here.
5 / 5
Fill in: 'We ___ CORS configuration in a security review whenever a new frontend origin is added.'
We 'revisit' configuration — the standard collocation for reviewing existing settings again. The other options are less idiomatic here.