Security
Execution Environment
All jobs run in a web worker. This has certain implications; for job script code does not have access to the DOM. Additionally, certain API's are not available in a web worker, for example to use canvas you need to use OffscreenCanvas. Refer to the Web Workers documentation for more information.
The following functions are also not allowed job scripts:
importScripts
- If you need to rely on third-party scripts they must be imported by following the Importing Scripts guide.eval
- For obvious reasons eval is not allowed.postMessage
- Attempting to post a message to the main thread is not allowed.
Restricted Domains
[XMLHttpRequest
])(https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest) and fetch
are also limited.
Only GET
method is supported and only domains necessary to the functioning of the job are allowed.
Data Privacy
For jobs run in public mode (the default), any worker connected to PeerMR is eligible to process a job. This means that any data
being processed is not private, even if you take care to encrypt it and decrypt it during processing.
The workers will always have access to whatever data they process. Setting the privateMode
of a job execution to
true means that only workers you connect to PeerMR with your coordinator account are eligible to
process your jobs. This is the only way to ensure data privacy in PeerMR.