Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make all third-party requests configurable #422

Closed
micahflee opened this issue Dec 1, 2015 · 6 comments
Closed

Make all third-party requests configurable #422

micahflee opened this issue Dec 1, 2015 · 6 comments

Comments

@micahflee
Copy link

Right now a default installation of Jitsi Meet automatically makes a handful of requests to third-party servers. Some of these might be useful (like Gravatar for avatars, or CallStats for analytics), but not everyone wants this.

It would be great if third-party requests could be configurable just by changing variables in config.js. Individual sites could make minor patches on their own to disable the third-party requests, but if they're using the official debian repository, updates will blow away their patches, so it would be great if these could be implemented in the main project.

The current version of Jitsi Meet makes requests to these domains:

  • gravatar.com: Avatars all get loaded from Gravatar. This should be optional, and if Gravatar is disabled then everyone's avatars can just be the same generic image, or a random image from a set of generic images.
  • callstats.io: A script tag in index.html loads a javascript file from api.callstats.io always, even if the service itself is disabled in config.js. The script tag shouldn't get loaded unless the server is using it.
  • google-analytics.com: A script tag in index.html loads analytics.js, which adds Google Analytics code to the page, using Jitsi's account. This should be optional, and if disabled in config.js it shouldn't make any requests to an analytics server.

As far as I can tell, these are the only third-party requests that get made by Jitsi Meet. I'm all for adding new functionality in the future that makes third-party requests, but it would be excellent if that functionality could always be optional so that servers where privacy is a big priority can choose to not use them.
@bickelj
Copy link
Contributor

bickelj commented Dec 4, 2015

See #427 for a possible approach addressing 2/3 third parties.

@micahflee
Copy link
Author

@bickelj nice!

Yes, Gravatar is more complicated. I wrote my own patch that basically rips out all the gravatar code and replaces it with local images: micahflee@b96dd15 but the Jitsi Meet project probably wants something more elegant, that gives people the option to still use Gravatar if they want.

@bgrozev
Copy link
Member

bgrozev commented Dec 5, 2015

@micahflee I think we could accept your solution, if you just make it optional (i.e. can be configured through config/interfaceConfig).

@bickelj
Copy link
Contributor

bickelj commented Dec 7, 2015

#427 now takes care of 3/3 third party requests.

@bickelj
Copy link
Contributor

bickelj commented Dec 9, 2015

Because #427 was just merged (thanks @bgrozev), this can probably be closed. Thanks @micahflee for bringing up the issue.

@micahflee
Copy link
Author

Awesome thank you so much @bickelj for making the PR. Now that it's merged and a new release has been made I just updated the debian package on my server, set disableThirdPartyRequests to true, and it works great!

@Echolon Echolon mentioned this issue Mar 28, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@micahflee @bgrozev @bickelj