Symfony version(s) affected

6.3.1

Description

The following code used to work with symfony 6.3.0 but not with 6.3.1.

In services.yaml:

parameters:
    env(HTTP_UNIQUEID): ~

In a service:

    public function __construct(
        #[Autowire('%env(string:HTTP_UNIQUEID)%')] ?string $xRequestId
    ) {
        // symfony 6.3.0: $xRequestId is null
        // symfony 6.3.1: $xRequestId is ""
        $this->xRequestId = $xRequestId ?? $this->generateSafeUnpredictableId();
    }

With symfony 6.3.1, the $xRequestId is the empty string. It defeats the call to generateSafeUnpredictableId().

This issues was introduced by this change: symfony/dependency-injection@6c3c271#diff-0ebfb024d710d87ccb36098690a9aa8ec4cea8bae635a2c5f95813e3ceba3dabR184

This is a big BC break for a minor version change.

How to reproduce

In services.yaml:

parameters:
    env(HTTP_UNIQUEID): ~

In a service:

    public function __construct(
        #[Autowire('%env(string:HTTP_UNIQUEID)%')] ?string $xRequestId
    ) {
        // symfony 6.3.0: $xRequestId is null
        // symfony 6.3.1: $xRequestId is ""
        $this->xRequestId = $xRequestId ?? $this->generateSafeUnpredictableId();
        // $this->xRequestId is the very predictable empty string!
    }

Possible Solution

Replace

if (!\in_array($prefix, ['string', 'bool', 'not', 'int', 'float'], true)) {
    return null;
}

with

return null;

when $env is null in EnvVarProcessor.php.

Additional Context

Apache with the unique_id module generates a unique id for each request it processes. The unique id is stored in HTTP_UNIQUEID.

When the unique_id module is not enabled or caddy is used instead of apache, there are no HTTP_UNIQUEID. It must be generated on the fly by the service.

As a quick patch, I simply check if the env var is the empty string but this is a big BC break that's not easy to spot.