Android vs iOS: http brittleness

Hello, I am developing an app for both iOS and Android.
In Android, I am using crosswalk.

My app uses whitelists in config.xml.

While http works on both platforms, on Android it seems very brittle. Every few tries, the http request simply locks, while in iOS it works all the time, so it’s not a server issue

While debugging in Android, the chrome debugger keeps reminding me of the following:

No Content-Security-Policy meta tag found. Please add one when using the cordova-plugin-whitelist plugin.

And yes, my index.html does not have a CSP. Does this matter?

My whitelist settings in config.xml are:

 <access origin="*"/>
  <allow-navigation href="*"/>
  <allow-intent href="*"/>

If I must add a CSP, what is a liberal CSP to use? I have local scripts, I also need external URLs to load (the URL base is configurable by the app, so I really want to make sure the CSP is liberal)

Any other reasons why http is so brittle in Android but not in iOS?

My ionic info:

Your system information:

OS: Mac OS X Yosemite
Node Version: v0.12.1
Cordova CLI: 5.0.0
Ionic CLI Version: 1.3.22
Xcode version: Xcode 6.3.1 Build version 6D1002
ios-sim version: 3.1.1
ios-deploy version: Not installed