If we analyze the generated ipa file with ProvisionQL we can see that the allow insecure http loads is turned on:
How can we disable it?
This plugin may help:
This too:
but CSP may also be the way to go here.
Thanks, we fixed it by changing <allow-navigation href="*://*/*"/> to <allow-navigation href="https://*/*"/>.