I realized that when putting a not decodable "Update", the appropriate log is shown, but since the code continues to run, the other party receives a non descriptive 500 Internal Server Error and in the traceback an UnboundLocalError appears.

This could be easily fixed with adding update = None to line 149, but this means the sending party receives 200 OK while it is certainly not OK.

However, if I add a descriptive error here, bad actors could realize that they hit a telegram bot webhook and try to abuse it/spam it. Do we want that?

If people want to protect their webhooks, they should add the secret anyway. There we however raise if the wrong/none token has been supplied, already exposing that a PTB webhook is located behind the URL...

DEBUG:telegram.ext.Updater:0.0.0.0 - Exception in TelegramHandler
Traceback (most recent call last):
  File "/home/poolitzer/python-telegram-bot/venv/lib/python3.11/site-packages/tornado/web.py", line 1786, in _execute
    result = await result
             ^^^^^^^^^^^^
  File "/home/poolitzer/python-telegram-bot/telegram/ext/_utils/webhookhandler.py", line 159, in post
    if update:
       ^^^^^^
UnboundLocalError: cannot access local variable 'update' where it is not associated with a value