Hide recovered panic message from client

[NathanBaulch]

What's the recommended way to catch and log panics but not forward them to the client and expose potentially sensitive server information?

The OOTB recovery middleware turns panics into internal errors containing the error text which a logging interceptor further up the stack can log. Unfortunately I can't just add an extra "error obfuscator" middleware because there's no easy way to differentiate between safe internal errors that my code generated versus sensitive internal errors from a recovered panic.

[johanbrandhorst]

You can configure the recovery handler using WithRecoveryHandler: https://github.com/grpc-ecosystem/go-grpc-middleware/blob/master/recovery/options.go#L30. With this you can do whatever you like with the recovered panic.