Code Room
Code review
Hard
cr-g025
Subject: SSRF
Level: Senior–Staff
~30 min
Common in: Code quality & review interviews
Industries: Software development

Question

Review this Go handler that fetches a user-supplied webhook URL for validation.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (Go)

```go
func validateWebhook(w http.ResponseWriter, r *http.Request) {
	target := r.URL.Query().Get("url")
	u, err := url.Parse(target)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") {
		http.Error(w, "bad url", 400)
		return
	}
	if strings.Contains(u.Host, "169.254.169.254") {
		http.Error(w, "forbidden", 403)
		return
	}
	resp, err := http.Get(target)
	if err != nil {
		http.Error(w, "fetch failed", 502)
		return
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(io.LimitReader(resp.Body, 4096))
	w.Write(body)
}
```
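One concrete fix a review could propose, as an added example that is not part of the original exercise: replace `http.Get` with a client that checks the resolved IP at connect time, refuses redirects, and has timeouts. The names `allowedIP`, `dialControl`, `newWebhookClient` and `errBlocked`, the timeout values, and the set of blocked ranges are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"syscall"
	"time"
)

var errBlocked = errors.New("destination address not allowed")

// allowedIP reports whether ip is a public unicast address. Assumed policy
// for this example; extend it with any other ranges internal to your network.
func allowedIP(ip net.IP) bool {
	return !(ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsMulticast() || ip.IsUnspecified())
}

// dialControl runs after DNS resolution, just before connect(), so the check
// applies to the address actually dialed, not to the hostname string.
func dialControl(network, address string, _ syscall.RawConn) error {
	host, _, err := net.SplitHostPort(address)
	if err != nil {
		return err
	}
	if ip := net.ParseIP(host); ip == nil || !allowedIP(ip) {
		return errBlocked // unparseable addresses fail closed
	}
	return nil
}

// newWebhookClient (hypothetical name) returns a client for outbound webhook checks.
func newWebhookClient() *http.Client {
	d := &net.Dialer{Timeout: 3 * time.Second, Control: dialControl}
	return &http.Client{
		Timeout:   5 * time.Second,
		Transport: &http.Transport{DialContext: d.DialContext}, // Proxy is nil: no env proxy
		CheckRedirect: func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse // do not follow redirects
		},
	}
}

func main() {
	// Constructed sample: the metadata IP the original handler string-matches.
	_, err := newWebhookClient().Get("http://169.254.169.254/")
	fmt.Println(errors.Is(err, errBlocked))
}
```

Because the check sits in the dialer, it also covers hostnames that resolve to internal addresses. The handler should additionally return only a status to the caller rather than writing the fetched body back.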