Docker-jitsi-meet: Background blur tries to load data from third parties

Created on 17 Apr 2020  路  2Comments  路  Source: jitsi/docker-jitsi-meet

When I try to activate the background blur it doesn't work as docker-jitsi-meet trys to fetch data from third parties which is blocked by my CSP:

tf-core.esm.js:17 Refused to connect to 'https://storage.googleapis.com/tfjs-models/savedmodel/bodypix/mobilenet/quant2/050/model-stride16.json' because it violates the following Content Security Policy directive: "default-src 'self' *.mdosch.de". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

t.fetch @ tf-core.esm.js:17
(anonymous) @ tf-core.esm.js:17
(anonymous) @ tf-core.esm.js:17
(anonymous) @ tf-core.esm.js:17
(anonymous) @ tf-core.esm.js:17
u @ tf-core.esm.js:17
t.load @ tf-core.esm.js:17
(anonymous) @ tf-converter.esm.js:17
(anonymous) @ tf-converter.esm.js:17
(anonymous) @ tf-converter.esm.js:17
(anonymous) @ tf-converter.esm.js:17
u @ tf-converter.esm.js:17
t.load @ tf-converter.esm.js:17
(anonymous) @ tf-converter.esm.js:17
(anonymous) @ tf-converter.esm.js:17
(anonymous) @ tf-converter.esm.js:17
(anonymous) @ tf-converter.esm.js:17
u @ tf-converter.esm.js:17
wt @ tf-converter.esm.js:17
(anonymous) @ index.js:11
(anonymous) @ index.js:11
(anonymous) @ index.js:11
(anonymous) @ index.js:11
u @ index.js:11
gt @ index.js:11
(anonymous) @ index.js:11
(anonymous) @ index.js:11
(anonymous) @ index.js:11
(anonymous) @ index.js:11
u @ index.js:11
xt @ index.js:11
Bt @ index.js:11
(anonymous) @ md5.js:1
Promise.then (async)
s @ md5.js:1
(anonymous) @ md5.js:1
(anonymous) @ app.bundle.min.js?v=3969:126
(anonymous) @ md5.js:1
(anonymous) @ lodash.js:1
(anonymous) @ index.js:1
(anonymous) @ lodash.js:1
(anonymous) @ lodash.js:1
(anonymous) @ lodash.js:1
(anonymous) @ lodash.js:1
(anonymous) @ lodash.js:1
(anonymous) @ lodash.js:1
(anonymous) @ lodash.js:1
(anonymous) @ lodash.js:1
(anonymous) @ index.js:11
(anonymous) @ lodash.js:1
(anonymous) @ lodash.js:1
(anonymous) @ lodash.js:1
(anonymous) @ index.js:1
(anonymous) @ lodash.js:1
(anonymous) @ tslib.es6.js:17
(anonymous) @ tslib.es6.js:17
(anonymous) @ index.js:1
(anonymous) @ lodash.js:1
(anonymous) @ md5.js:1
(anonymous) @ md5.js:1
(anonymous) @ lodash.js:1
(anonymous) @ index.js:1
(anonymous) @ popper.js:25
(anonymous) @ md5.js:1
(anonymous) @ lodash.js:1
(anonymous) @ lodash.js:1
(anonymous) @ popper.js:25
(anonymous) @ lodash.js:1
(anonymous) @ index.js:1
(anonymous) @ lodash.js:1
(anonymous) @ index.js:1
(anonymous) @ app.bundle.min.js?v=3969:1
(anonymous) @ index.js:1
(anonymous) @ tslib.es6.js:17
(anonymous) @ index.js:1
(anonymous) @ index.js:1
(anonymous) @ app.bundle.min.js?v=3969:1
(anonymous) @ app.bundle.min.js?v=3969:1
(anonymous) @ app.bundle.min.js?v=3969:1
(anonymous) @ app.bundle.min.js?v=3969:1
(anonymous) @ app.bundle.min.js?v=3969:1
(anonymous) @ popper.js:25
(anonymous) @ lodash.js:1
(anonymous) @ app.bundle.min.js?v=3969:1
(anonymous) @ app.bundle.min.js?v=3969:1
(anonymous) @ app.bundle.min.js?v=3969:210
(anonymous) @ tslib.es6.js:17
(anonymous) @ app.bundle.min.js?v=3969:1
(anonymous) @ app.bundle.min.js?v=3969:1
_handleClick @ md5.js:1
_onClick @ tslib.es6.js:17
m @ app.bundle.min.js?v=3969:184
w @ app.bundle.min.js?v=3969:184
(anonymous) @ app.bundle.min.js?v=3969:184
A @ app.bundle.min.js?v=3969:184
O @ app.bundle.min.js?v=3969:184
D @ app.bundle.min.js?v=3969:184
T @ app.bundle.min.js?v=3969:184
Mn @ app.bundle.min.js?v=3969:184
Bn @ app.bundle.min.js?v=3969:184
t.unstable_runWithPriority @ app.bundle.min.js?v=3969:192
fi @ app.bundle.min.js?v=3969:184
Rs @ app.bundle.min.js?v=3969:184
In @ app.bundle.min.js?v=3969:184
Show 73 more frames
tf-core.esm.js:17 Refused to connect to 'https://storage.googleapis.com/tfjs-models/savedmodel/bodypix/mobilenet/quant2/050/model-stride16.json' because it violates the document's Content Security Policy.

Can you consider to ship that data with docker-jitsi-meet? One reason for self-hosting is to not have to rely on third parties and to avoid connections to third parties when having private conversations.

Most helpful comment

Yeah, it seems to be not critical but if the license allows it I'd appreciate if it would be included in the jitsi-meet docker as I don't want to soften my CSP to allow external data. I can also live with background blur not working as it is not essential but I was curious how it would look like and wondered why it's not working.

All 2 comments

This background blur relies on some kind of machine learning model.
Seems to load only the model weights for the Tensorflow Model with this link.

Yeah, it seems to be not critical but if the license allows it I'd appreciate if it would be included in the jitsi-meet docker as I don't want to soften my CSP to allow external data. I can also live with background blur not working as it is not essential but I was curious how it would look like and wondered why it's not working.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

TeGuy picture TeGuy  路  4Comments

0187773933 picture 0187773933  路  7Comments

badsmoke picture badsmoke  路  5Comments

mfts picture mfts  路  6Comments

kheir95 picture kheir95  路  6Comments