Recently I used UrlType and Url constraint and faced some issues:

(1) The default value of the default_protocol option is http

This is problematic because:

(1.1) http is too legacy; it should be https

(1.2) If this option is different from null, the form field is rendered as <input type="text" inputmode="url"> instead of <input type="url"> So, the default behavior is not what you expect. Should we change the default value to null?

(2) Minor but, first I used https:// as the value of default_protocol (instead of https, which is the right value). This means that if you input foo, the value is updated as https://://foo instead of just https://foo

If this happened to others too, maybe we could validate the values passed to this option?

(3) The Url constraint considers something like aaa as a valid URL. I guess this is correct according to some RFC, but it's not what most people would like to accept as a valid URL.

Should we add a config option to require the presence of at least one TLD? Note that I'm not thinking about validating that the TLD is correct, because there are too many TLDs and change often.

Thanks!