[Bug]: App crash when adding Basic Auth to server.url in Capacitor 6.0

[patrik-skilling]

Capacitor Version

💊   Capacitor Doctor  💊 

Latest Dependencies:

  @capacitor/cli: 5.7.2
  @capacitor/core: 5.7.2
  @capacitor/android: 5.7.2
  @capacitor/ios: 5.7.2

Installed Dependencies:

  @capacitor/ios: 6.0.0-rc.0
  @capacitor/cli: 6.0.0-rc.0
  @capacitor/android: 6.0.0-rc.0
  @capacitor/core: 6.0.0-rc.0

[success] Android looking great! 👌

Other API Details

No response

Platforms Affected

• iOS
• Android
• Web

Current Behavior

When adding Basic Auth to server.url app crash and you get an stacktrace that says IllegalArgumentException: allowedOriginRules https://{BasicAuth}/{Domain} is invalid. I know this works well in Capacitor 5.0 with previous versions.

See screenshot

Expected Behavior

App should load when server url includes Basic Auth. If it's intended that Basic Auth will not be allowed please respond with reason for the change.

Project Reproduction

https://github.com/patrik-skilling/public-capacitor-6-basic-auth-demo

Additional Information

No response

[patrik-skilling]

I am guessing you also want to remove the Basic Auth string from the Uri before loading the WebView.
Or rewrite the allowedOrigin to look at Location or similar instead.

    private void loadWebView() {
        final boolean html5mode = this.config.isHTML5Mode();
        // Start the local web server
        JSInjector injector = getJSInjector();
        if (WebViewFeature.isFeatureSupported(WebViewFeature.DOCUMENT_START_SCRIPT)) {
            WebViewCompat.addDocumentStartJavaScript(webView, injector.getScriptString(), Collections.singleton(appUrl));
            String allowedOrigin = appUrl;
            Uri appUri = Uri.parse(appUrl);
            if (appUri.getPath() != null) {
                // Remove paths in uri
                allowedOrigin = appUri.toString().replace(appUri.getPath(), "");
                // Remove Basic Auth string (pseudo code)
                allowedOrigin = appUri.toString().replace(appUri['Basic Auth'], "");
            }
            WebViewCompat.addDocumentStartJavaScript(webView, injector.getScriptString(), Collections.singleton(allowedOrigin));
            injector = null;
        }

[patrik-skilling]

Here is the code fix I made to solve it locally:

private void loadWebView() {
    final boolean html5mode = this.config.isHTML5Mode();

    // Start the local web server
    JSInjector injector = getJSInjector();
    if (WebViewFeature.isFeatureSupported(WebViewFeature.DOCUMENT_START_SCRIPT)) {
        Uri appUri = Uri.parse(appUrl);
        String scheme = appUri.getScheme() + "://";
        String host = appUri.getHost(); 
        String allowedOrigin = scheme + host;
        WebViewCompat.addDocumentStartJavaScript(webView, injector.getScriptString(), Collections.singleton(allowedOrigin));
        injector = null;
    }

[ionitron-bot]

This issue has been labeled as type: bug. This label is added to issues that that have been reproduced and are being tracked in our internal issue tracker.

[k-di]

Same issue happens when you add custom androidScheme like

server: {
  hostname: 'example',
  androidScheme: 'scheme'
}

java.lang.IllegalArgumentException: allowedOriginRules scheme://example is invalid

Reproducible with initial capacitor application 6.1.0

[ionitron-bot]

Thanks for the issue! This issue is being locked to prevent comments that are not relevant to the original issue. If this is still an issue with the latest version of Capacitor, please create a new issue and ensure the template is fully filled out.