API-25 — Server Error Response Does Not Expose Stack Trace
Error Handling
Backend API
API-25 — Server Error Response Does Not Expose Stack Trace
API-25 — Server Error Response Does Not Expose Stack Trace
Target
Backend API — Error Handling
Preconditions
- A server-side error can be triggered (e.g. by sending malformed input to a known endpoint)
Steps
- Send a request designed to trigger a server-side error
- Observe the response body
Expected Result
- The response returns an appropriate HTTP error code (500 or similar)
- The response body contains a generic error message
- No Laravel stack trace, file paths, or internal code details are included in the response