Fabio (naif) Pietrosanti

Tor2web software is designed to handle https traffic without any additional proxy, in order to keep simplicity and self-contained software

Ah, got it! You are right! Tor2web should read it's configuration and support files (like certificates) before dropping the uid/gid becoming tor2web users. That way it could be root owned...

I think that we should just handle gracefully the error if javascript is disabled, something like "Javascript is disabled in your browser: Enable it to send your feedback or report...

Missing documentario to The wiki on how to customize tor2web

I'd suggest to make a completely new page "Customizing Tor2web", like we've done for globaleaks, describing the procedure to customize it and what can be customized

Didn't we received some criticism about the risks related to JSONP, being able to inject JS code into the client's browser (maybe there was a thread on tor-talk)? Wouldn't be...

Example: http://nichol.as/benchmark-of-python-web-servers

@usura I feel that this would be "unfair" because it would not enable the TorHS to discriminate when a connecting user is Anonymous (with TBB) or not (with Tor2web).

The problem is that, afaik, you can't run native code on Heroku, so you could run Python but you wont be able to execute Tor, that's a dependency of Tor2web...

> I saw that using buuldpacks something can be worked out eg. https://elements.heroku.com/buildpacks/todokku/heroku-buildpack-tor-proxy > > I'll try to experiment and keep you posted If you make it working, it means...