As part of our rework of the game state handling (#48) we introduced subscriptions that are used to make sure the different game states (as observed by different seats / an observer) are sent correctly. This is to protect hidden game information.
The api for such a subscription is currently lacking validation, i.e. clients could still subscribe even though they don't occupy this seat, and receive hidden information that way.
Also the old API is still available, which exposes all moves of the game.
As part of our rework of the game state handling (#48) we introduced subscriptions that are used to make sure the different game states (as observed by different seats / an observer) are sent correctly. This is to protect hidden game information.
The api for such a subscription is currently lacking validation, i.e. clients could still subscribe even though they don't occupy this seat, and receive hidden information that way.
Also the old API is still available, which exposes all moves of the game.