URL Validation passes with a url without a TLD

[cirolosapio]

Laravel Version

9.52.16

PHP Version

8.2.23

Database Driver & Version

No response

Description

The url validation rule passes on a url without a TLD, e.g. http://laravel

Steps To Reproduce

>>> Validator::validate(['test' => 'http://google'], ['test' => 'url'])
[
  "test" => "http://google",
]

related https://github.com/symfony/symfony/issues/44252

[github-actions[bot]]

Thank you for reporting this issue!

As Laravel is an open source project, we rely on the community to help us diagnose and fix issues as it is not possible to research and fix every issue reported to us via GitHub.

If possible, please make a pull request fixing the issue you have described, along with corresponding tests. All pull requests are promptly reviewed by the Laravel team.

Thank you!

[staudenmeir]

Hi @cirolosapio, URLs don't have to include a TLD to be valid, consider http://localhost for example.

related https://github.com/symfony/symfony/issues/44252

This Symfony issue describes the "opposite" case: A bug that stopped URLs without TLD from passing the validation.

[Jubeki]

Hey, I think the validator works as expected, because you can use such url for internal company networks, or with something like Docker (https://docs.docker.com/engine/network/#ip-address-and-hostname: a container's hostname defaults to be the container's ID in Docker. )

http://google

is in that regard a valid URL, even without a TLD.

See https://stackoverflow.com/a/28008119

The rule url checks not only for https or http, but for many different possible URL schemes: https://laravel.com/docs/11.x/validation#rule-url

If you want you can use active_url which will check for a valid A or AAAA record: https://laravel.com/docs/11.x/validation#rule-active-url

[crynobone]

Thanks @Jubeki @staudenmeir