mirror of https://github.com/jetkvm/kvm.git
CRITICAL SECURITY FIX: Pending sessions (awaiting approval) were granted video.view permission, allowing denied sessions to see video when they reconnected.

**Vulnerability:**

1. Session requests access and enters pending mode
2. Primary session denies the request
3. Denied session clicks "Try Again" and reconnects
4. New session enters pending mode but has video.view permission
5. User can see video stream despite being denied

**Fix:** Remove PermissionVideoView from SessionModePending. Pending sessions now have NO permissions until explicitly approved by the primary session.

This ensures:

- Denied sessions cannot access video on reconnection
- Only approved sessions (observer/queued/primary) can view video
- CanReceiveVideo() properly blocks video frames for pending sessions

| File |
|---|
| permissions.go |
| types.go |
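
The permission change described in the commit message, as an added Go example that is not code from the jetkvm repository. The type, constant and function names are modelled on the identifiers the message mentions; the table layout and the `UnapprovedGrants` regression check are assumptions.

```go
package main

import "fmt"

// Hypothetical types: names follow the commit message, not the project's source.
type SessionMode string
type Permission string
type PermissionTable map[SessionMode]map[Permission]bool

const (
	SessionModePrimary  SessionMode = "primary"
	SessionModeObserver SessionMode = "observer"
	SessionModeQueued   SessionMode = "queued"
	SessionModePending  SessionMode = "pending"
	PermissionVideoView Permission  = "video.view"
)

// NewTable: pendingVideo=true reproduces the pre-fix grant, false the fixed table.
func NewTable(pendingVideo bool) PermissionTable {
	return PermissionTable{
		SessionModePrimary:  {PermissionVideoView: true},
		SessionModeObserver: {PermissionVideoView: true},
		SessionModeQueued:   {PermissionVideoView: true},
		SessionModePending:  {PermissionVideoView: pendingVideo},
	}
}

// CanReceiveVideo gates frame delivery on the session's current mode.
func (t PermissionTable) CanReceiveVideo(m SessionMode) bool {
	return t[m][PermissionVideoView] // default-deny: unknown mode or entry yields false
}

// UnapprovedGrants lists permissions held by any mode other than observer, queued or primary.
func UnapprovedGrants(t PermissionTable) (out []string) {
	approved := map[SessionMode]bool{SessionModePrimary: true, SessionModeObserver: true, SessionModeQueued: true}
	for m, perms := range t {
		for p, granted := range perms {
			if granted && !approved[m] {
				out = append(out, string(m)+":"+string(p))
			}
		}
	}
	return out
}

func main() {
	for _, pendingVideo := range []bool{true, false} { // pre-fix table, then fixed table
		t := NewTable(pendingVideo)
		fmt.Println(t.CanReceiveVideo(SessionModePending), UnapprovedGrants(t))
	}
}
```

A unit test that asserts `UnapprovedGrants` returns nothing catches any later change that hands a permission back to the pending mode.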