Open kloesing opened 12 years ago
We can't provide the same functionality if the user is disabling parts of JavaScript from NoScript.
This said probably I can write something that detects that the user is under strict JavaScript rules and display an error message that corresponds to that.
The only thing that could improve this is if we hosted the backend on the same machine that runs TorStatus, this way there would be no SOP violation and cases 2 and 3 would not occur.
Telling that JavaScript is required should help a lot. NoScript has it's uses, but when one gets told that the a site does not work without JavaScript and that's easy to recognize, users can be convinced to allow JavaScript from those domain/ resources. NoScript is still useful, because it still checks for XSS and still disables scripting for other non-white-listed resources.
It's pretty common to load data from other resources. My "test" involved the Firefox addon "Request Policy", which might not be used very often because it's often breaking websites. It shows what can happen when the datasource can't be accessed due to a firewall or hosts entry. I did not expect this to be common so maybe the error just could reflect it.
(Copied from https://trac.torproject.org/projects/tor/ticket/5168)
If there's anything that can be improved on Onionoo's side, please open a ticket at https://github.com/kloesing/Onionoo/issues .