I have always done this using a Hook script and plistbuddy. So I would place this in the hooks folder, making sure it's set to executable file permissions (755 will do):
#!/bin/bash
echo "Adjusting plist for App Transport Security exception."
val=$(/usr/libexec/plistbuddy -c "add NSAppTransportSecurity:NSExceptionDomains:DOMAIN_TO_SET_AS_EXCEPTION:NSTemporaryExceptionAllowsInsecureHTTPLoads bool true" platforms/ios/HelloCordova/HelloCordova-Info.plist 2>/dev/null)
echo "Done"
Replace "DOMAIN_TO_SET_AS_EXCEPTION" with your domain e.g. myhost.example.com - I'm not a fan of setting all domains open until you need them so recommend a whitelisting approach.
Then to get this to fire I modify config.xml in the iOS platform section to look like:
...
<platform name="ios">
<hook type="before_build" src="hooks/ios_ats.sh" />
...
I wrote a blog post showing this along with a complete example project on Github linked from the post that you can get an appropriate script from.