Since you're using the Developer App, that complicates things a bit, since it isn't a perfect representation of what your app will really do when built on its own. So you might want to do that first.
I would also:
- Ensure that your domain is added to your CSP (content-security-policy) meta tag. If you don't have one, get one. Learn more at the whitelist docs in the next point.
- When you build your app, ensure that the domain is added appropriately to the whitelist (<access origin=... />). Read the docs: cordova-plugin-whitelist - Apache Cordova
- Log more useful information in your xhr.onerror method.
- Investigate the browser's debugging console (Using Chrome for Android or Safari for iOS), which may also indicate useful information. Note: You can't do this with the PG Dev app. You'll have to build your app via the CLI or PGB, /OR/ use Weinre (but it isn't quite the same as using the browser's debugger.)
Thanks kerrishot, I created a "dummy" CSP from Content Security Policy Header Generator.
I inserted in my index.xhtml a meta tag below (it's just narrowly goes Improved):
<meta http-equiv="Content-Security-Policy" content="default-src *; script-src 'self' 'unsafe-inline'; object-src *; style-src 'self' 'unsafe-inline'; img-src 'self'; media-src *; frame-src *; connect-src *" />