
[Security] DefaultAuthenticationSuccessHandler crashes if the target URL is wrongly considered as a route name #50500

Closed

@MatTheCat

Description

Symfony version(s) affected

≥ 5.4

Description

Because HttpUtils::generateUri considers $path a route name if it does not start with http or /, DefaultAuthenticationSuccessHandler will crash for any target URL whose scheme does not start with http.

How to reproduce

Simplest way to reproduce is to create a login form configured with always_use_default_target_path and default_target_path as a URL whose scheme does not start with http, like android-app://com.google.android.gm/ (see #50385).

Possible Solution

I think HttpUtils::generateUri should consider any URL as one, whatever its scheme.

Then, maybe DefaultAuthenticationSuccessHandler could expose a mechanism to confirm whether to redirect to the referrer?

Additional Context

No response
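The classification rule described in the issue, reproduced as an added illustration that is not Symfony's code: `classifyByPrefix` applies the "starts with http or /" test, `classifyByScheme` applies the alternative the reporter suggests (any target with a syntactically valid RFC 3986 scheme is a URL), and `resolveTarget` is a simplified stand-in for what the success handler does with the result. The route table, base URL, the `$allowedSchemes` allow-list (a deployment-side restriction a defender may want once non-http schemes are accepted; the issue itself proposes no such list) and the use of PHP 8's `str_starts_with` are all assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Added example, not Symfony's code. It mirrors the rule the issue describes for
// HttpUtils::generateUri and contrasts it with a scheme-aware rule. The route
// table and base URL below are constructed for the demonstration.

/** The rule the issue describes: not "http…" and not "/…" means "route name". */
function classifyByPrefix(string $target): string
{
    if (str_starts_with($target, 'http')) {
        return 'url';
    }
    if ($target !== '' && $target[0] === '/') {
        return 'path';
    }
    return 'route';
}

/**
 * Proposed rule: anything beginning with a syntactically valid scheme
 * (ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) followed by ":") is a URL,
 * whatever the scheme. Assumption: route names in this application never
 * contain a colon, so the two forms cannot be confused.
 */
function classifyByScheme(string $target): string
{
    if (preg_match('~^[A-Za-z][A-Za-z0-9+.\-]*:~', $target) === 1) {
        return 'url';
    }
    if ($target !== '' && $target[0] === '/') {
        return 'path';
    }
    return 'route';
}

/**
 * Simplified stand-in for the success handler's redirect-target resolution.
 * $classify is one of the two rules above; $routes is a constructed route table.
 * $allowedSchemes is an optional allow-list for redirect targets (an assumption
 * of this example, not something the issue proposes).
 *
 * @param callable(string): string $classify
 * @param array<string, string>    $routes         route name => absolute URL
 * @param list<string>|null        $allowedSchemes lower-case scheme names, or null for no restriction
 */
function resolveTarget(
    callable $classify,
    string $target,
    string $baseUrl,
    array $routes,
    ?array $allowedSchemes = null
): string {
    switch ($classify($target)) {
        case 'url':
            $scheme = strtolower(substr($target, 0, (int) strpos($target, ':')));
            if ($allowedSchemes !== null && !in_array($scheme, $allowedSchemes, true)) {
                throw new RuntimeException(sprintf('Scheme "%s" is not allowed as a redirect target.', $scheme));
            }
            return $target;
        case 'path':
            return rtrim($baseUrl, '/') . $target;
        default:
            if (!isset($routes[$target])) {
                // This is the failure the issue reports: the URL reaches the
                // router as a route name, and no such route exists.
                throw new RuntimeException(sprintf('Route "%s" does not exist.', $target));
            }
            return $routes[$target];
    }
}

$routes  = ['app_homepage' => 'https://example.test/']; // constructed
$baseUrl = 'https://example.test';                        // constructed
$target  = 'android-app://com.google.android.gm/';        // the target from the issue

try {
    resolveTarget('classifyByPrefix', $target, $baseUrl, $routes);
} catch (RuntimeException $e) {
    echo 'prefix rule: ', $e->getMessage(), PHP_EOL;
}

echo 'scheme rule: ', resolveTarget('classifyByScheme', $target, $baseUrl, $routes), PHP_EOL;
echo 'scheme rule: ', resolveTarget('classifyByScheme', '/dashboard', $baseUrl, $routes), PHP_EOL;
echo 'scheme rule: ', resolveTarget('classifyByScheme', 'app_homepage', $baseUrl, $routes), PHP_EOL;

// With an allow-list, a deployment can accept non-http schemes it expects while
// still rejecting anything else as a redirect target.
echo 'allow-list: ', resolveTarget('classifyByScheme', $target, $baseUrl, $routes, ['https', 'android-app']), PHP_EOL;
```

Run with `php example.php`. The first call raises the "route does not exist" error because the prefix rule hands the `android-app://` URL to the router; the scheme rule returns it unchanged, still resolves `/dashboard` against the base URL and `app_homepage` through the route table. The allow-list shows the check a defender would add on top of the broader rule, since once any scheme is treated as a URL, the redirect target should be limited to the schemes the application actually intends to send users to.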
