The AuthorizationException handled here can have an optionally set status code. By default this status is null, so the previous code to map this to 403 seems correct. But if I throw a (new AuthorizationException())->withStatus(401) I would expect the exception handler to respect this code.
The AuthorizationException handled here can have an optionally set status code. By default this status is
null, so the previous code to map this to 403 seems correct. But if I throw a(new AuthorizationException())->withStatus(401)I would expect the exception handler to respect this code.