Code Room
Code reviewHard
Question
Review this Go handler that fetches a user-supplied webhook URL for validation.
What a strong answer looks like
Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.
Learn the concepts
func validateWebhook(w http.ResponseWriter, r *http.Request) { target := r.URL.Query().Get("url") u, err := url.Parse(target) if err != nil || (u.Scheme != "http" && u.Scheme != "https") { http.Error(w, "bad url", 400); return } if strings.Contains(u.Host, "169.254.169.254") { http.Error(w, "forbidden", 403); return } resp, err := http.Get(target) if err != nil { http.Error(w, "fetch failed", 502); return } defer resp.Body.Close() body, _ := io.ReadAll(io.LimitReader(resp.Body, 4096)) w.Write(body)}Run or narrate your approach, then ask the coach.