Requirement
Our customer requires the following
- They host an HTML file that should be loaded in a Custom Chrome Tab on click of some element in our Android application.
- To access the HTML file on the client's server, the Android application needs to pass a request header. This a custom (non CORS whitelisted) header.
Implementation
Since Chrome custom tab has removed usage of custom headers. We had implemented a solution to use digital asset links to authorize the device and the resource
This solution worked well on initial release but everytime we release a new version of the Android application we hit a weird issue where digital asset links verification fails. Any guidance here would be appreciated.
How can you help?
Can anyone please guide me on any alternate proposals or solutions that we can look into? I have highlighted some solutions that we have thought of below.
- Solution 1 : Use WebViews:
This won't work for us because the user also needs to perform complex operations like logging into external sites from the webview. Google and other O-Auth providers have blocked support for authorizing through embedded browsers
- Solution 2 : Download HTML file from backend -
Have the Android application make an API call to our backend. The backend will download the resource using the header and forward the same to the Android. Android will save the content as an HTML file and then render the file as a url in the chrome tab. This solution is hacky and would like to avoid if possible.
