Description
I've just filed #342 to improve documentation for error handling for invalid requests and invalid responses respectively. This is only a first step because this keeps coming up and I think we agree it's about time to add some better default error handing logic.
This ticket aims to serve as a base to discuss how "default error handling logic" could look like.
For instance, we might want to just dump any Exception/Throwable including the full stack trace, but this may leak some application details to the outside. We may want to limit this to certain IP ranges only, but this won't work behind a reverse proxy anymore. We may want to add a "debug" flag or a DebugMiddleware, but this requires some explicit choice. We may want to respect PHP's error_reporting value, but it's unclear if this is how people understanding this configuration. We may want to log to STDERR instead of the response message, but it's unclear what effect this could have on existing deployments. We may want to apply our "default error handling logic" only if no explicit error is given, but it's unclear if this is what people expect when they start adding custom error handling logic.
Any input is welcome 👍