symfony · fabpot · Sep 22, 2025 · May 27, 2025
diff --git a/src/Symfony/Component/Validator/Constraints/Url.php b/src/Symfony/Component/Validator/Constraints/Url.php
@@ -40,7 +40,7 @@ class Url extends Constraint
     public $normalizer;
 
     /**
-     * @param string[]|null $protocols        The protocols considered to be valid for the URL (e.g. http, https, ftp, etc.) (defaults to ['http', 'https']
+     * @param string[]|null $protocols        The protocols considered to be valid for the URL (e.g. http, https, ftp, etc.) (defaults to ['http', 'https']; use ['*'] to allow any protocol or regex patterns like ['.*'] for custom matching)
      * @param bool|null     $relativeProtocol Whether to accept URL without the protocol (i.e. //example.com) (defaults to false)
      * @param string[]|null $groups
      * @param bool|null     $requireTld       Whether to require the URL to include a top-level domain (defaults to false)

diff --git a/src/Symfony/Component/Validator/Constraints/UrlValidator.php b/src/Symfony/Component/Validator/Constraints/UrlValidator.php
@@ -73,8 +73,15 @@ public function validate(mixed $value, Constraint $constraint): void
             $value = ($constraint->normalizer)($value);
         }
 
+        if (['*'] === $constraint->protocols) {
+            // Use RFC 3986 compliant scheme pattern: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
+            $protocols = '[a-zA-Z][a-zA-Z0-9+.-]*';
+        } else {
+            $protocols = implode('|', $constraint->protocols);
+        }
+
         $pattern = $constraint->relativeProtocol ? str_replace('(%s):', '(?:(%s):)?', static::PATTERN) : static::PATTERN;
-        $pattern = \sprintf($pattern, implode('|', $constraint->protocols));
+        $pattern = sprintf($pattern, $protocols);
 
         if (!preg_match($pattern, $value)) {
             $this->context->buildViolation($constraint->message)

diff --git a/src/Symfony/Component/Validator/Tests/Constraints/UrlValidatorTest.php b/src/Symfony/Component/Validator/Tests/Constraints/UrlValidatorTest.php
@@ -109,6 +109,115 @@ public function testValidRelativeUrlWithNewLine(string $url)
             ->assertRaised();
     }
 
+    /**
+     * Test that protocols: ['*'] allows any protocol
+     */
+    public function testProtocolsWildcardAllowsAnyProtocol()
+    {
+        $constraint = new Url(protocols: ['*'], requireTld: false);
+
+        $validUrls = [
+            'http://example.com',
+            'https://example.com',
+            'ftp://example.com',
+            'custom://example.com',
+            'myapp://example.com/path?query=1',
+            'git+ssh://git@github.com/repo.git',
+            'file://path/to/file',
+            'scheme123://example.com',
+            'a://example.com',
+        ];
+
+        foreach ($validUrls as $url) {
+            $this->validator->validate($url, $constraint);
+            $this->assertNoViolation();
+        }
+    }
+
+    /**
+     * Test that protocols: ['*'] still validates scheme format according to RFC 3986
+     */
+    public function testProtocolsWildcardRejectsInvalidSchemes()
+    {
+        $constraint = new Url(protocols: ['*'], requireTld: true);
+
+        $invalidUrls = [
+            '123://example.com',
+            '+scheme://example.com',
+            '-scheme://example.com',
+            '.scheme://example.com',
+            'example.com',
+            '://example.com',
+        ];
+
+        foreach ($invalidUrls as $url) {
+            $this->setUp();
+            $this->validator->validate($url, $constraint);
+
+            $this->buildViolation($constraint->message)
+                ->setParameter('{{ value }}', '"'.$url.'"')
+                ->setCode(Url::INVALID_URL_ERROR)
+                ->assertRaised();
+        }
+    }
+
+    /**
+     * Test that protocols: ['*'] works with relativeProtocol
+     */
+    public function testProtocolsWildcardWithRelativeProtocol()
+    {
+        $constraint = new Url(protocols: ['*'], relativeProtocol: true, requireTld: true);
+
+        $this->validator->validate('custom://example.com', $constraint);
+        $this->assertNoViolation();
+
+        $this->validator->validate('//example.com', $constraint);
+        $this->assertNoViolation();
+    }
+
+    /**
+     * Test that protocols: ['*'] works with requireTld
+     */
+    public function testProtocolsWildcardWithRequireTld()
+    {
+        $constraint = new Url(protocols: ['*'], requireTld: true);
+
+        $this->validator->validate('custom://example.com', $constraint);
+        $this->assertNoViolation();
+
+        $this->validator->validate('custom://localhost', $constraint);
+        $this->buildViolation($constraint->tldMessage)
+            ->setParameter('{{ value }}', '"custom://localhost"')
+            ->setCode(Url::MISSING_TLD_ERROR)
+            ->assertRaised();
+    }
+
+    /**
+     * Test that protocols accepts regex patterns
+     */
+    public function testProtocolsSupportsRegexPatterns()
+    {
+        $constraint = new Url(protocols: ['https?', 'custom.*'], requireTld: true);
+
+        $validUrls = [
+            'http://example.com',
+            'https://example.com',
+            'custom://example.com',
+            'customapp://example.com',
+        ];
+
+        foreach ($validUrls as $url) {
+            $this->validator->validate($url, $constraint);
+            $this->assertNoViolation();
+        }
+
+        $this->validator->validate('ftp://example.com', $constraint);
+        $this->buildViolation($constraint->message)
+            ->setParameter('{{ value }}', '"ftp://example.com"')
+            ->setCode(Url::INVALID_URL_ERROR)
+            ->assertRaised();
+    }
+
     public static function getValidRelativeUrls()
     {
         return [