It appears Android webview is now enforcing CORS and the error is not due to SSL but rather due to the basic auth. As you can see here:
CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.
In order to resolve this, you will need to add this CORS header to your reverse proxy setup. Something like:
Access-Control-Allow-Headers: * or
Access-Control-Allow-Headers: Authorization should do the trick.
This does not require an app update but please let me know if you are able to add this header what the result is.