I was curious if any other admins have looked into this and found a solution to detect when a user has script blockers enabled.
Looking at the page code, it seems all the JS code is hosted by cloudfront.net, as well as amazonaws.com. However, Canvas appears to users to run "acceptably" without any of this code. In reality, however, this is not the case. The blocked code has lead to some of our users reporting bugs, putting in tickets, or students failing assignments because their script blockers are not allowing normal behavior. A good specific example is SafeScript and "File upload" assignments. With SafeScript enabled, file uploads fail (with no prompt of success nor failure) if instructure-uploads.s3.amazonaws.com is not white-listed. We also have a vendor who asks us to load a JS file to integrate with Canvas; with script blockers enabled, their extension (which adds a menu item in certain screens) never loads.
Our policy thus far has been to educate users, and let teachers decide to accept late work. But we're at ~8+ third-parties now that students need to white-list (and growing with nearly every LTI tool). A not-insignificant number of our tickets are simply script blocker issues.
I'd love to hear what you all have tried to combat this. I'm really hoping someone has found a way to detect the script blockers and prompt users what to white-list if a JS file fails to load.
We are giving the Canvas Admins area a little bit of love (especially questions that are really, really old) and just want to check in with you. This will also bring this question new attention.
Were you able to find an answer to your question? I am going to go ahead and mark this question as answered because there hasn't been any more activity in a while so I assume that you have the information that you need. If you still have a question about this or if you have information that you would like to share with the community, by all means, please do come back and leave a comment. Also, if this question has been answered by one of the previous replies, please feel free to mark that answer as correct.
We did not really find a "solution"...
We created an AWS account, and put our JS code there. If someone script-blocks amazonaws.com, canvas itself breaks wonderfully and without notice (can't upload files -- it fails/hangs without notice, can't view some pages -- they show a white screen that looks like it finished loading a page, but there's no content or failure notice)...
So we leverage the hope someone notices there's an issue and eventually white-lists the domain to get our own JS in.
That said, this is a terrible work-around that requires us to serve our JS out of AWS, and still counts on the user realizing their script blocker is causing problems.
We put in a feature/change request to add a notice about script blockers, but that didn't get enough votes (admins don't really get a lot of love).
It would have been ideal if Canvas could detect a script blocker when the students first visit the canvas home page / dashboard, and let us input a custom block of text (such as an explanation of the problem and a link to our help desk articles listing all the domains to white-list). Or at least mention that they have script blockers that are preventing core features from working (like uploading assignments, and using LTI's)