The error code returned when using angular's $http service is status code = 0 reason = null, not very helpful, all the search results for this problem suggested that the problem could be in the server side where Cross-Origin Resource Sharing (CORS) needs to be enabled to accept requests from other domain, but I had this in place already.
Other posts suggested that the AndroidManifest.xml could be missing the line below, but again, this line was there as it is added by default when creating a project with Visual Studio's Tools for Apache Cordova.
<uses-permission android:name="android.permission.INTERNET" />And others pointed at the requirement of the Cordova's plugin whitelist, that needs to be installed and then it needs to specify in the config.xml the following line:
<access origin="protocol://domain" />After checking that all the configuration was in place, I started debugging the mobile application and pointing it to a development server instead, and found that the requests were not "leaving" the phone, the requests were failing all the same no matter what endpoint was configured and even with air plane mode on.
Finally I found that the web view in the latest Android versions makes use of Content Security Policy (CSP) on top of all the previous configuration. The solution was to add the back-end domain to this policy that looked like this by default:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">And now, after adding the connect-src directive:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; connect-src 'self' http://mybackendapi.herokuapp.com">
