Add note regarding return value of authorize method

Note kind of shows differences between policy method authorize
(exception is thrown), and request authorize (only response is
returned).

Author: Kyslik

validation.md

@@ -247,7 +247,9 @@ Since all form requests extend the base Laravel request class, we may use the `u
 
     Route::post('comment/{comment}');
 
-If the `authorize` method returns `false`, a HTTP response with a 403 status code will automatically be returned and your controller method will not execute.
+If the `authorize` method returns `false`, a HTTP response with a 403 status code will automatically be returned and your controller method will not execute.
+
+> {note} Method `authorize` returns response object (`\Symfony\Component\HttpFoundation\Response`) and does not throw `\Symfony\Component\HttpKernel\Exception\HttpException`, therefore [custom HTTP error page](/docs/{{version}}/errors#custom-http-error-pages) will not be displayed.
 
 If you plan to have authorization logic in another part of your application, simply return `true` from the `authorize` method: