Try putting this into contentSecurityPolicy in Project Properties:
default-src * gap://ready file:; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *
I ran a test project here. I was able to build for iOS and install OK, but got a white screen. Hooking up Safari in debug mode let me see that there were errors in the CSP. Looks like PhoneGaps’s requirements for this have changed.