From fda15cd2cd0a1b86cd1495db05255ebc33d8e6c1 Mon Sep 17 00:00:00 2001
From: Rotzbua <Rotzbua@users.noreply.github.com>
Date: Mon, 22 Dec 2025 20:29:36 +0100
Subject: [PATCH] chore: use more explicit error handling with `json_encode`

Remove `JSON_NUMERIC_CHECK` because setting enables autocasting which is not intended and can cause random runtime errors.
According to documentation: `Encodes numeric strings as numbers.`
---
 src/VAPID.php | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/src/VAPID.php b/src/VAPID.php
index f44bdf0..bbc527c 100644
--- a/src/VAPID.php
+++ b/src/VAPID.php
@@ -113,13 +113,18 @@ public static function getVapidHeaders(
             'alg' => 'ES256',
         ];
 
-        $jwtPayload = json_encode([
-            'aud' => $audience,
-            'exp' => $expiration,
-            'sub' => $subject,
-        ], JSON_UNESCAPED_SLASHES | JSON_NUMERIC_CHECK);
-        if (!$jwtPayload) {
-            throw new \ErrorException('Failed to encode JWT payload in JSON');
+
+        try {
+            $jwtPayload = json_encode(
+                [
+                    'aud' => $audience,
+                    'exp' => $expiration,
+                    'sub' => $subject,
+                ],
+                JSON_THROW_ON_ERROR | JSON_UNESCAPED_SLASHES
+            );
+        } catch (\JsonException $e) {
+            throw new \ErrorException('Failed to encode JWT payload in JSON: '.$e->getMessage());
         }
 
         [$x, $y] = Utils::unserializePublicKey($publicKey);