From: Juliusz Chroboczek <jch@irif.fr>
To: Francis Bolduc <fbolduc@gmail.com>
Cc: galene@lists.galene.org
Subject: [Galene] Re: Blur background
Date: Sun, 05 May 2024 21:14:44 +0200 [thread overview]
Message-ID: <87msp4dqaj.wl-jch@irif.fr> (raw)
In-Reply-To: <CAHpL4=ic_1tqQPu9zTrR3W=ZR7QqOeJssVyLFsQjuNHh-t4bhg@mail.gmail.com>
Hello Francis,
I'd really like to have background blur in Galene, but I don't see any
good way to do it without impairing the user's privacy.
> + <script src="https://cdn.jsdelivr.net/npm/set-interval-async"></script>
> + <script src="https://cdn.jsdelivr.net/npm/@tensorflow/tfjs-core"
> defer></script>
> + <script src="https://cdn.jsdelivr.net/npm/@tensorflow/tfjs-backend-webgl"
> defer></script>
> + <script src="https://cdn.jsdelivr.net/npm/@tensorflow-models/body-segmentation/dist/body-segmentation.js"
> defer></script>
> + <script src="https://cdn.jsdelivr.net/npm/@mediapipe/selfie_segmentation"
> defer></script>
That's problematic. One of the design criteria of Galene is that it
preserves the user's privacy. These links imply that everytime somebody
connects to any instance of Galene in the workld, the jsdelivr.net
distribution network is informed of the fact.
So either we bundle all the scripts in Galene, or this cannot go in.
> async function start() {
> +
> + offscreen = new OffscreenCanvas(1920, 1080);
> +
> + segmenter = await bodySegmentation.createSegmenter(
> + bodySegmentation.SupportedModels.MediaPipeSelfieSegmentation,
> + {
> + runtime: 'mediapipe',
> + solutionPath:
> 'https://cdn.jsdelivr.net/npm/@mediapipe/selfie_segmentation',
> + modelType: 'general'
> + }
> + );
This should be done lazily, in the filter, not at startup.
> + w.Header().Set("Access-Control-Allow-Origin", "*")
> + w.Header().Set("Access-Control-Allow-Methods", "GET")
> + w.Header().Set("Access-Control-Allow-Headers", "Content-Type")
That's a potential security hole, since it makes Galene vulnerable to
cross-origin scripting attacks. What we do in Galene is to only set these
headers conditionally, in places that are known to be safe. See for example
https://github.com/jech/galene/blob/master/webserver/whip.go#L178
-- Juliusz
next prev parent reply other threads:[~2024-05-05 19:14 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-05 18:56 [Galene] " Francis Bolduc
2024-05-05 19:14 ` Juliusz Chroboczek [this message]
2024-05-05 19:35 ` [Galene] " Francis Bolduc
2024-05-05 20:47 ` Juliusz Chroboczek
2024-05-05 21:49 ` Francis Bolduc
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.galene.org/postorius/lists/galene.lists.galene.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87msp4dqaj.wl-jch@irif.fr \
--to=jch@irif.fr \
--cc=fbolduc@gmail.com \
--cc=galene@lists.galene.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox