feat(url): support private-use URI scheme redirect URIs (RFC 8252)#12
feat(url): support private-use URI scheme redirect URIs (RFC 8252)#12Meldiron wants to merge 2 commits into
Conversation
|
Thanks for contributing! This repository is a read-only mirror; development for this library happens in |
Greptile SummaryAdds an opt-in
Confidence Score: 4/5Safe to merge; the new flag is opt-in and all existing behavior is preserved. The implementation is correct and well-tested. The only gap is that getDescription() does not mention private-use scheme support when the flag is enabled, which can produce misleading validation error messages for callers. src/Validator/URL.php — specifically getDescription(), which does not reflect the new allowPrivateUseSchemes flag. Important Files Changed
|
What
Adds an opt-in
allowPrivateUseSchemesflag to theURLvalidator so it accepts authority-less private-use URI scheme redirect URIs per RFC 8252 §7.1 (reverse-DNS form), e.g.:Why
Appwrite Cloud implements OAuth 2.0 Dynamic Client Registration (RFC 7591). Native/desktop clients (e.g. Raycast) register redirect URIs using private-use URI schemes. These are valid URIs (
scheme:/path, no authority), but PHP'sFILTER_VALIDATE_URLrequires an authority component and rejects them, blocking legitimate client registration.How
public function __construct(..., protected bool $allowPrivateUseSchemes = false). Kept last so existing positional call sites are unaffected.allowPrivateUseSchemesis on, a value is accepted if it passes the existingfilter_varvalidation or it is a private-use URI scheme redirect URI:ctype_*, sinceparse_urldoes not enforce it — e.g. it would accept1com.raycast).http/https.scheme:/pathorscheme:path, plus optional query/fragment) is validated by reusingfilter_varwith a placeholder authority. Thescheme://…authority form is left to the existing logic.allowedSchemes,allowEmpty, andallowFragmentscontinue to apply uniformly, including to private-use URIs.Backward compatibility
Default behavior is unchanged (
allowPrivateUseSchemesdefaults tofalse). All pre-existing tests pass;isValid('http:/example.com')andisValid('example.com')remainfalse.Tests
Added
testAllowPrivateUseSchemesandtestAllowPrivateUseSchemesWithConstraints. Full suite: 135 tests, 878 assertions, green.🤖 Generated with Claude Code