
Google Chrome was upgraded in the Play Store to version 83.0.4103.106 (https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_15.html). In that release, the Google team added some enforcements to avoid JS injection. My Android app uses CustomTabs to open some URLs. I use a Bundle with Browser.EXTRA_HEADERS to add one key-value pair to the request headers; this header is mandatory to open the URLs correctly. The bundle is added to the customTabsIntent.intent. In versions prior to 83, the app works as expected, but now, with that upgrade, it seems like Google Chrome does not receive the header parameter I added, so the URL does not load correctly. Any ideas of what I should change in the app, or could this be a Google Chrome issue?

Note: That 83.0.4103.106 version of Google Chrome was released on June 15th, 2020.

EDIT: The Google team has answered about why they removed it:

Check full answer here

This is the result of a security fix [1] - basically since we don't know that the app launching a CCT is made by the same developer as the website, it technically counts as cross origin. Because of this we restricted the headers that could be set through the Browser.EXTRA_HEADERS to those on the CORS safelist...

9406samuel

1 Answer

Adding custom headers was removed due to being a vulnerability. CORS safe-listed request headers are still supported. You can read more about this change here: http://crbug.com/873178

andreban
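
As an added example (not from the question, the answer or Chrome's source), the Java class below checks whether a header name/value pair meets the Fetch standard's definition of a CORS-safelisted request header, which is the list the answer says Browser.EXTRA_HEADERS is now limited to. The class name, the sample headers and the simplified Content-Type parsing are assumptions, and Chrome's own enforcement may differ in detail.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;

// Added example: checks a header against the Fetch standard's CORS-safelisted
// request-header rules. Range is treated as not safelisted (simplification).
public class CorsSafelistCheck {
    private static final List<String> ALLOWED_TYPES = Arrays.asList(
            "application/x-www-form-urlencoded", "multipart/form-data", "text/plain");
    // True if the value holds a "CORS-unsafe request-header byte".
    static boolean hasUnsafeByte(byte[] v) {
        for (byte b : v) {
            int c = b & 0xFF;
            if ((c < 0x20 && c != 0x09) || c == 0x7F || "\"():<>?@[\\]{}".indexOf(c) >= 0) return true;
        }
        return false;
    }
    // Accept-Language / Content-Language: only 0-9 A-Z a-z space * , - . ; =
    static boolean isLanguageValue(byte[] v) {
        for (byte b : v) {
            int c = b & 0xFF;
            boolean alnum = (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
            if (!alnum && " *,-.;=".indexOf(c) < 0) return false;
        }
        return true;
    }
    static boolean isCorsSafelisted(String name, String value) {
        byte[] v = value.getBytes(StandardCharsets.UTF_8);
        if (v.length > 128) return false; // values longer than 128 bytes never qualify
        switch (name.toLowerCase(Locale.ROOT)) {
            case "accept": return !hasUnsafeByte(v);
            case "accept-language": case "content-language": return isLanguageValue(v);
            case "content-type":
                if (hasUnsafeByte(v)) return false;
                // Simplified MIME parsing: the essence is the part before any ';'.
                String essence = value.split(";", 2)[0].trim().toLowerCase(Locale.ROOT);
                return ALLOWED_TYPES.contains(essence);
            default: return false; // any custom header name lands here
        }
    }
    public static void main(String[] args) {
        // Constructed sample headers, not taken from the question.
        String[][] samples = {{"Accept-Language", "en-US,en;q=0.8"},
                {"Content-Type", "application/json"}, {"X-Example-Token", "abc123"}};
        for (String[] h : samples) {
            System.out.println(h[0] + ": " + (isCorsSafelisted(h[0], h[1]) ? "safelisted" : "not safelisted"));
        }
    }
}
```

Of the three constructed samples, only Accept-Language passes: application/json is not one of the three permitted Content-Type essences, and a custom header name is never on the safelist.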