Authorization failure error messages are no longer descriptive
Using Stripe 6.9.3, Civi 5.64.4, Formprotection 1.5.1
If RECAPTCHA validation fails, error messages are no longer descriptive.
We used to get: "Your reCAPTCHA validation was unsuccessful. Please try again, or contact us if the problem persists."
Now we get: "Sorry an error occurred and your request was not completed. (Error ID: rfRo-zOu2-JPdT)"
This is because the Stripe's APIv4 processPublic throws a new Exception 'Bad request' if the authorize event fails. This is caught by the core APIv4 handler and because anonymous users do not have the 'view debug output' permission, it rewrites the error message to the generic one here.
Does anyone know if there's a way to get past that handling from core APIv4 which rewrites potentially useful (and non-harmful) error messages to be generic?
If the user has 'view debug output' permission, then they just see 'Bad Request' which is the text which comes from Stripe's processPublic API, which we could customise [=