🐛 Bug Report: Cache-Control for /api/users/me/profile-picture.png is incorrect #294

Closed
opened 2025-10-08 00:01:53 +03:00 by OVERLORD · 5 comments
Originally created by @cdemi on GitHub.

Reproduction steps

I have noticed that `/api/users/me/profile-picture.png` has `cache-control: max-age=14400`.

Since this URL is the same for all Pocket ID users, whoever logs in first after the cache is empty gets his picture set for all users.

Expected behavior

I think either the URL should have a unique identifier per user or else the Cache-Control configuration should be `no-store`.

Actual Behavior

Users are seeing pictures of other users

Version and Environment

v0.40.0

Log Output

No response

OVERLORD added the bug label 2025-10-08 00:01:53 +03:00

@kmendell commented on GitHub:

Ahh okay, I think I understand now. I will see what I can find/fix for this, but it may not be till tomorrow or early next week.


@cdemi commented on GitHub:

Thanks for this! I'm not sure if it's working correctly. The top right profile image still links to `/api/users/me/profile-picture.png` but now it returns 500: `{"error":"Something went wrong"}`.

In the logs I see:

```
pocketid  | [GIN] 2025/03/17 - 07:32:21 | 500 |      61.449µs |    GET      "/api/users/me/profile-picture.png"
pocketid  | Error #01: Invalid UUID
```

I think the path to the top right picture needs to be changed to the one with the user's UUID.

I have opened #353 to fix the issue.


@stonith404 commented on GitHub:

Fixed in v0.40.1.


@kmendell commented on GitHub:

You can get the profile picture per user by using a URL similar to the one below:

`/api/users<user-uuid-here>/profile-picture.png`


@cdemi commented on GitHub:

I understand that, but in the login screen and in the user account manager at the top right is a profile picture with that URL. I should have made my report clearer.

An alternative would be to change the URL of the top right profile picture to the one with the user's UUID
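
The failure mode reported in this issue, as an added Go example that is not Pocket ID's code: a handler serves per-user content at one shared URL, and a toy cache keyed on the URL alone replays the first user's response unless the header is `no-store` or `private`. The `session` cookie, the users alice and bob, and the cache itself are constructed for the illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

const mePath = "/api/users/me/profile-picture.png"

// meHandler is a hypothetical stand-in for the endpoint: one URL, body chosen by session cookie.
func meHandler(cacheControl string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c, err := r.Cookie("session")
		if err != nil {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		w.Header().Set("Cache-Control", cacheControl)
		fmt.Fprintf(w, "picture-of-%s", c.Value)
	})
}

// fetch plays a toy shared cache (constructed here) that keys on the URL path only.
func fetch(store map[string]string, origin http.Handler, session string) string {
	if body, ok := store[mePath]; ok {
		return body // cache hit: the session cookie is never consulted
	}
	req := httptest.NewRequest(http.MethodGet, mePath, nil)
	req.AddCookie(&http.Cookie{Name: "session", Value: session})
	rec := httptest.NewRecorder()
	origin.ServeHTTP(rec, req)
	cc := strings.ToLower(rec.Header().Get("Cache-Control"))
	if rec.Code == http.StatusOK && !strings.Contains(cc, "no-store") && !strings.Contains(cc, "private") {
		store[mePath] = rec.Body.String()
	}
	return rec.Body.String()
}

// secondUserSees returns what bob receives after alice has fetched the same URL.
func secondUserSees(cacheControl string) string {
	store, origin := map[string]string{}, meHandler(cacheControl)
	fetch(store, origin, "alice")
	return fetch(store, origin, "bob")
}

func main() {
	fmt.Println(secondUserSees("max-age=14400"), secondUserSees("no-store"))
}
```

With a per-user URL, as suggested in the thread, the cache key itself differs per user, so the same `max-age` no longer mixes responses.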


Reference: starred/pocket-id-pocket-id-1#294