Interview kitsBlog

Your dream job? Lets Git IT.
Interactive technical interview preparation platform designed for modern developers.

XGitHub

Platform

  • Categories

Resources

  • Blog
  • About the app
  • FAQ
  • Feedback

Legal

  • Privacy Policy
  • Terms of Service

© 2026 LetsGit.IT. All rights reserved.

LetsGit.IT/Categories/Architecture
Architectureeasy

CORS: what is it and what does it NOT protect you from?

Tags
#architecture#web#cors#security
Back to categoryPractice quiz

Answer

CORS is a browser rule that controls which origins can read responses from your API via JavaScript. It’s not authentication and it doesn’t stop someone from calling your API from a server or tools like curl. You still need proper auth/authz and input validation on the server.

Advanced answer

Deep dive

Expanding on the short answer — what usually matters in practice:

  • Context (tags): architecture, web, cors, security
  • Scaling: what scales horizontally vs vertically, where bottlenecks appear.
  • Reliability: retries/circuit breakers/idempotency, observability (logs/metrics/traces).
  • Evolution: keep changes cheap (boundaries, contracts, tests).
  • Explain the "why", not just the "what" (intuition + consequences).
  • Trade-offs: what you gain/lose (time, memory, complexity, risk).
  • Edge cases: empty inputs, large inputs, invalid inputs, concurrency.

Examples

A tiny example (an explanation template):

// Example: discuss trade-offs for "cors:-what-is-it-and-what-does-it-not-protect-yo"
function explain() {
  // Start from the core idea:
  // CORS is a browser rule that controls which origins can read responses from your API via Ja
}

Common pitfalls

  • Too generic: no concrete trade-offs or examples.
  • Mixing average-case and worst-case (e.g., complexity).
  • Ignoring constraints: memory, concurrency, network/disk costs.

Interview follow-ups

  • When would you choose an alternative and why?
  • What production issues show up and how do you diagnose them?
  • How would you test edge cases?

Related questions

Architecture
Anti-corruption layer (ACL): what is it and when would you use it?
#architecture#ddd#integration
Architecture
Event sourcing: what is it and what are the main trade-offs?
#architecture#event-sourcing#events
Architecture
What is an ADR (Architecture Decision Record) and why is it useful?
#architecture#documentation#decisions
Architecture
What is a reverse proxy and what is it commonly used for?
#architecture#reverse-proxy#http
Architecture
Graceful degradation: what does it mean and how do you design for it?
#architecture#resilience#fallbacks
Architecture
Cache stampede (thundering herd): what is it and how do you mitigate it?
#architecture#caching#cache-stampede