Help with Stuck Tests - Secure Multiplayer Game

Tell us what’s happening:

Mi proyecto “Secure Real Time Multiplayer Game” falla los tests de seguridad de Helmet (16-19). He verificado con las herramientas del navegador que mi servidor envía correctamente todas las cabeceras requeridas.

El test falla incluso cuando envío una URL completamente diferente como https://www.youtube.com, dando el mismo error exacto.

Esto prueba que el evaluador tiene un bug y no está procesando la URL, probablemente está atascado en un resultado fallido. ¿Podrían investigar o revisar mi pr

###Your project link(s)

solution: https://secure-multiplayer-emanuelgm1998-production.up.railway.app

githubLink: https://github.com/Emanuelgm1998/secure-multiplayer-emanuelgm1998

Your browser information:

User Agent is: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Challenge Information:

Information Security Projects - Secure Real Time Multiplayer Game

Solution Link

Source Code Link

https://github.com/Emanuelgm1998/secure-multiplayer-emanuelgm1998

Desktop Screenshot 2025.07.25 - 04.27.04.201920×1080 186 KB

Desktop Screenshot 2025.07.25 - 04.29.13.551920×1080 192 KB

Desktop Screenshot 2025.07.30 - 23.41.03.431920×1080 185 KB

Desktop Screenshot 2025.07.30 - 23.41.20.301920×1080 188 KB

Solution Link

Source Code Link

open the browser console when you run the tests, you will see more details on the failures

Thanks for your reply.

I’ve double-checked everything as suggested — the browser console shows CORS errors on tests 16–19, even though all security headers are correctly set.

Headers are implemented:

• X-Powered-By: PHP 7.4.3
• Content-Security-Policy
• Cache-Control: no-store
• X-XSS-Protection, X-Content-Type-Options
• CORS enabled
• /api/app-info responds correctly

Live project: https://secure-multiplayer-emanuelgm1998-production.up.railway.app/
GitHub repo: GitHub - Emanuelgm1998/secure-multiplayer-emanuelgm1998

I believe the issue is on the test evaluator side.
Could you please manually validate the project so I can receive my Information Security Certification?

Thanks so much in advance — I really appreciate your time

That is not possible

look at how other people have solved the cors issue in the forum

for example

Hello, thank you for your reply.

I respectfully want to clarify that the example you shared (about bcrypt) is unrelated to my project. My issue is not about bcrypt, hashing, or local development, but with the Secure Real Time Multiplayer Game project, which uses WebSockets, Helmet, CSP headers, and other security configurations.

I have implemented all the required headers correctly:

• X-Powered-By: PHP 7.4.3
• Content-Security-Policy
• Cache-Control: no-store
• /api/app-info endpoint responds correctly
• Helmet v3 configuration applied correctly

I’ve tested this project on multiple platforms: Render, Codespaces, Railway, and Replit. In all cases, tests 16–19 fail due to CORS or validator limitations, not due to missing functionality or headers.

Other users have received manual validation in similar situations when tests fail due to environment issues. I kindly request the same review, since all the technical requirements are fulfilled and the project is fully functional.

Here is the project link again for review:
https://secure-multiplayer-emanuelgm1998-production.up.railway.app/

I would really appreciate your help in reviewing this case fairly.
Thank you very much,
Emanuel

It does not look like you have attempted the CORS fix in the linked thread. I would try that.

that is not something I have ever seen happening

while the project is a different one, the CORS issue experienced is the same

alternatively you can wait for the CORS issue to be solved on freeCodeCamp side

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.