Code Room
Code reviewHard
Question
Review this Java internal-API proxy with a host allowlist.
What a strong answer looks like
Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.
Learn the concepts
public String proxy(String rawUrl) throws Exception { URL u = new URL(rawUrl); if (!u.getHost().endsWith("trusted.internal.example.com")) { throw new SecurityException("host not allowed"); } HttpURLConnection c = (HttpURLConnection) u.openConnection(); c.setInstanceFollowRedirects(true); return new String(c.getInputStream().readAllBytes());}Run or narrate your approach, then ask the coach.