```python import urllib.request import ipaddress import socket import requests from requests_toolbelt.adapters import host_header_ssl as hhssl ALLOWED_SCHEMES = ['https'] ALLOWED_HOSTS = ['www.securecodewarrior.com', 'scw.io'] def get_data(url): # Check for allowed schemes and hosts, and public IP addresses parsed_url = urllib.parse.urlparse(url) if parsed_url.scheme not in ALLOWED_SCHEMES: raise ValueError(f'URL scheme {parsed_url.scheme} is not allowed') if parsed_url.hostname not in ALLOWED_HOSTS: raise ValueError(f'Host {parsed_url.hostname} is not allowed') try: ip = ipaddress.ip_address( socket.gethostbyname(parsed_url.hostname) ) except socket.gaierror: raise ValueError(f'Could not resolve IP address for host {parsed_url.hostname}') if ip.is_private: raise ValueError(f'IP address {ip} is private') session = requests.Session() session.mount('https://', hhssl.HostHeaderSSLAdapter()) url_with_ip = url.replace(parsed_url.hostname, str(ip)) response = session.request( 'GET', url_with_ip, json=None, allow_redirects=False, headers={'Host': parsed_url.hostname} ) return response.text ``` To avoid Server-Side Request Forgeries (SSRF).