fix: expand try-catch to include kernel boot and request creation

kayjoosten · kayjoosten · commit b781d370d2a2 · 2026-04-09T12:02:41.000+02:00
Include all pre-output bootstrap steps in the try-catch so that
kernel boot failures (e.g. misconfigured bundles) also return 503
instead of a PHP error page with HTTP 200.
diff --git a/public/index.php b/public/index.php
@@ -17,6 +17,25 @@
     if ($_ENV['APP_ENV'] === 'prod' && strlen($_ENV['APP_SECRET']) < 32) {
         throw new \RuntimeException('APP_SECRET must be at least 32 characters long in production.');
     }
+
+    $debug = filter_var($_ENV['APP_DEBUG'], FILTER_VALIDATE_BOOLEAN);
+
+    if ($debug) {
+        umask(0000);
+
+        Debug::enable();
+    }
+
+    if ($trustedProxies = $_ENV['TRUSTED_PROXIES'] ?? false) {
+        Request::setTrustedProxies(explode(',', $trustedProxies), Request::HEADER_X_FORWARDED_ALL ^ Request::HEADER_X_FORWARDED_HOST);
+    }
+
+    if ($trustedHosts = $_ENV['TRUSTED_HOSTS'] ?? false) {
+        Request::setTrustedHosts(explode(',', $trustedHosts));
+    }
+
+    $kernel = new Kernel($_ENV['APP_ENV'], $debug);
+    $request = Request::createFromGlobals();
 } catch (\Throwable $e) {
     http_response_code(503);
     header('Content-Type: application/json');
@@ -28,25 +47,6 @@
     echo json_encode($body) ?: '{"status":"DOWN"}';
     exit;
 }
-
-$debug = filter_var($_ENV['APP_DEBUG'], FILTER_VALIDATE_BOOLEAN);
-
-if ($debug) {
-    umask(0000);
-
-    Debug::enable();
-}
-
-if ($trustedProxies = $_ENV['TRUSTED_PROXIES'] ?? false) {
-    Request::setTrustedProxies(explode(',', $trustedProxies), Request::HEADER_X_FORWARDED_ALL ^ Request::HEADER_X_FORWARDED_HOST);
-}
-
-if ($trustedHosts = $_ENV['TRUSTED_HOSTS'] ?? false) {
-    Request::setTrustedHosts(explode(',', $trustedHosts));
-}
-
-$kernel = new Kernel($_ENV['APP_ENV'], $debug);
-$request = Request::createFromGlobals();
 $response = $kernel->handle($request);
 $response->send();
 $kernel->terminate($request, $response);
