Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Selfie Segmentation (Javascript) requires unsafe-eval #3458

Closed
mark-beeby opened this issue Jun 23, 2022 · 14 comments
Closed

Selfie Segmentation (Javascript) requires unsafe-eval #3458

mark-beeby opened this issue Jun 23, 2022 · 14 comments
Assignees
@kuaashish
Labels
legacy:selfie segmentation Issues related to selfie segmentation platform:javascript MediaPipe Javascript issues platform:web web related type:bug Bug in the Source Code of MediaPipe Solution

Comments

@mark-beeby
Copy link

mark-beeby commented Jun 23, 2022
edited
Loading

System information (Please provide as much relevant information as possible)

  • Browser and version (e.g. Google Chrome, Safari) if the issue happens on browser: Chrome 102
  • Programming Language and version ( e.g. C++, Python, Java): Javascript
  • MediaPipe version: v0.8.10 (NPM @mediapipe/[email protected])
  • Solution ( e.g. FaceMesh, Pose, Holistic ): Selfie Segmentation

Describe the current behavior:

Selfie Segmentation is now totally incompatible with Chrome Extensions as it requires unsafe-eval, Chrome have recently revoked this option from extensions without exception (Manifest v3) and so today there is no workaround. The eval occurs through the use of dynamically generated functions, as seen in:- https://cdn.jsdelivr.net/npm/@mediapipe/[email protected]/selfie_segmentation_solution_simd_wasm_bin.js.

Describe the expected behavior:

Selfie Segmentation should not require unsafe-eval, as this is no longer an option for Chrome Extension developers.
emscripten also no longer requires the offending dynamic execution: emscripten-core/emscripten#5911

Standalone code to reproduce the issue:
Provide a reproducible test case that is the bare minimum necessary to replicate the problem. If possible, please share a link to Colab/repo link /any notebook:

https://ostap0207.github.io/mediapipe-selfie-segmentation-csp/index.html
Code: https://github.com/ostap0207/mediapipe-selfie-segmentation-csp/blob/master/index.html
This page has SCP set to disallow unsafe-eval.

Error in the console:

selfie_segmentation_solution_wasm_bin.js:9 Uncaught (in promise) EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src https://cdn.jsdelivr.net".
    at new Function (<anonymous>)
    at createNamedFunction (selfie_segmentation_solution_wasm_bin.js:9)
    at extendError (selfie_segmentation_solution_wasm_bin.js:9)
    at selfie_segmentation_solution_wasm_bin.js:9
    at qa.h (selfie_segmentation.js:50)
    at ta (selfie_segmentation.js:14)
    at ua.next (selfie_segmentation.js:15)
    at selfie_segmentation.js:40
    at new Promise (<anonymous>)
    at Y (selfie_segmentation.js:40)

There was a similar issue reported last year, but at the time developers had workarounds, given these are no longer available I'm very much hoping we can get this issue more attention.
@mark-beeby mark-beeby added the type:bug Bug in the Source Code of MediaPipe Solution label Jun 23, 2022
@kuaashish kuaashish added platform:javascript MediaPipe Javascript issues legacy:selfie segmentation Issues related to selfie segmentation platform:web web related labels Jun 24, 2022
@kuaashish kuaashish assigned mhays-google and unassigned kuaashish Jun 24, 2022
@kuaashish kuaashish added the stat:awaiting googler Waiting for Google Engineer's Response label Jun 24, 2022
@mark-beeby
Copy link
Author

@sureshdagooglecom / @kuaashish - a quick glance down the issues list shows @mhays-google no longer seems to support the MediaPipe project and this issue is likely to die without comment. Is there anyone else that might be able to input here?

@sgowroji sgowroji assigned tyrmullen and unassigned mhays-google Sep 2, 2022
@JamesOughton-about
Copy link

hi - any updates on this please?

@github-itsec-oculavis
Copy link

github-itsec-oculavis commented Sep 26, 2022
edited
Loading

Hi,
Is there any update on this issue?

@kuaashish kuaashish mentioned this issue Sep 28, 2022
Closed
@wolodev
Copy link

wolodev commented Nov 8, 2022
edited
Loading

Any update?
Same goes for hands and holistic packages as well :/

@desi-dimitrova
Copy link

I am facing the same issue with the holistic package when I am migrating a chrome extension from manifest v2 to v3... is there any update?

@nskaiser
Copy link

I too have this issue. I can no longer update my Chrome Extension which uses Manifest v2 and Holistic does not work with Manifest v3. What are our options here? Thanks.

@wolodev
Copy link

wolodev commented Jan 16, 2023

Actually options are limited. It would be doable with sandboxes pages, but currently they are bugged. Bug in chromium to follow: https://bugs.chromium.org/p/chromium/issues/detail?id=1247690.
@nskaiser @desi-dimitrova I don't know if the solution I came up with will work for you, but I load mediapipe inside Iframe(and open camera etc from there) and communicate the results via post-message.

@nskaiser
Copy link

Thanks for the suggestion. It unfortunately won't work for our application. This will prevent most new Chrome Extensions from utilizing MediaPipe so hopefully it can be addressed soon.

@ayushgdev ayushgdev mentioned this issue Jan 25, 2023
Closed
@SridhuSekar
Copy link

SridhuSekar commented Mar 30, 2023
edited
Loading

To migrate selfie segmentation from manifest V2 to V3 without using the unsafe-eval. You will have to replace the files with the one in the link below . Which worked for me in my project.
https://cdn.jsdelivr.net/npm/@mediapipe/[email protected]/

@kuaashish kuaashish assigned kuaashish and unassigned tyrmullen May 2, 2023
@kuaashish kuaashish removed the stat:awaiting googler Waiting for Google Engineer's Response label May 2, 2023
@kuaashish
Copy link
Collaborator

Hello @mark-beeby,
We are upgrading the MediaPipe Legacy Solutions to new MediaPipe solutions However, the libraries, documentation, and source code for all the MediaPipe Legacy Solutions will continue to be available in our GitHub repository and through library distribution services, such as Maven and NPM.

You can continue to use those legacy solutions in your applications if you choose. Though, we would request you to check new MediaPipe solutions which can help you more easily build and customize ML solutions for your applications. These new solutions will provide a superset of capabilities available in the legacy solutions.

@kuaashish kuaashish added the stat:awaiting response Waiting for user response label May 2, 2023
@github-actions
Copy link

This issue has been marked stale because it has no recent activity since 7 days. It will be closed if no further activity occurs. Thank you.

@github-actions github-actions bot added the stale label May 10, 2023
@github-actions
Copy link

This issue was closed due to lack of activity after being marked stale for past 7 days.

@google-ml-butler
Copy link

Are you satisfied with the resolution of your issue?
Yes
No

@ayushgdev ayushgdev removed stat:awaiting response Waiting for user response stale labels May 19, 2023
@mmerezhko-hv
Copy link

The problem is not solved. unsafe-eval - worst decision.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kuaashish kuaashish

Labels
legacy:selfie segmentation Issues related to selfie segmentation platform:javascript MediaPipe Javascript issues platform:web web related type:bug Bug in the Source Code of MediaPipe Solution
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests