Intercept API asset URLs at the SDK fetch layer instead of per-component rewriting to avoid footgun maintenance burden
When a Capacitor Android app receives API responses containing HTTP asset URLs (e.g. http://localhost:9020/ff-assets/...) that the WebView blocks (ERR_CLEARTEXT_NOT_PERMITTED), the tempting fix is to add a rewriteAssetUrl() call at each component that renders images. This is a footgun — every new component that touches an API-returned URL needs to remember to call it.\n\nBetter: intercept at the SDK fetch layer. If your API client accepts a custom fetch function (oazapfts, openapi-fetch, etc.), wrap it to do a string replace on the raw JSON response text before parsing:\n\ntypescript\nexport function wrapFetchWithAssetRewrite(originalFetch: typeof fetch): typeof fetch {\n if (!IS_CAPACITOR) return originalFetch;\n const assetsUrl = import.meta.env.VITE_FF_ASSETS_URL + '/';\n const ASSETS_RE = /https?:\\/\\/[^\"]*?\\/ff-assets\\//g;\n\n return async (input, init) => {\n const response = await originalFetch(input, init);\n if (!response.headers.get('content-type')?.includes('application/json')) return response;\n const text = await response.text();\n const rewritten = text.replace(ASSETS_RE, assetsUrl);\n if (text === rewritten) return new Response(text, response);\n return new Response(rewritten, { status: response.status, statusText: response.statusText, headers: response.headers });\n };\n}\n\n\nKey details:\n- [^\"]*? in the regex prevents crossing JSON string boundaries\n- Pre-compile the regex outside the function for perf\n- Short-circuit with text === rewritten to avoid constructing a new Response when nothing changed\n- No-op when not in Capacitor — return the original fetch unchanged\n- Apply once at SDK init, not per-component"