Blur plugin tries to establish connections to https://storage.googleapis.com

Description:

On my server I host a jitsi-meet instance according to DSGVO (GDPR) and therefore disabled all connections to external services like Gravatar and Google. The jitsi-meet config contains the following entry: disableThirdPartyRequests: true

My Content Security Policy directive contains “connect-src ‘self’” to not accidentally establish connections to foreign sites which may log user metadata.

When I try to click on the blur button nothing happens and the chrome web developer tools show the following warning:

tf-core.esm.js:17 Refused to connect to 'https://storage.googleapis.com/tfjs-models/savedmodel/bodypix/mobilenet/quant2/050/model-stride16.json' because it violates the following Content Security Policy directive: "connect-src 'self'".

Can we bundle this data with jitsi-meet instead and avoid the connection to Google? Or disable the button altogether when disableThirdPartyRequests: true is set?

Steps to reproduce:

see description.

Expected behavior:

I would like to use the blur feature without establishing connections to Google services.

Actual behavior:

see description.

Server information:

• Operating System: Debian Buster
• Jitsi Meet Version: 2.0.4627-1 (Stable Debian packages)

Nginx Version: 1.14.2-2+deb10u1 :

add_header Content-Security-Policy "connect-src 'self';";

Client information:

• Browser / app version: Chromium 84.0.4147.89 Arch Linux
• Operating System: Arch Linux (latest)