🐛 Bug Report: Cache-Control for /api/users/me/profile-picture.png is incorrect #208

New Issue

Closed

opened 2026-02-04 18:00:40 +03:00 by OVERLORD · 5 comments

OVERLORD commented 2026-02-04 18:00:40 +03:00

Owner

Copy Link

Originally created by @cdemi on GitHub (Mar 15, 2025).

Reproduction steps

I have noticed that /api/users/me/profile-picture.png has cache-control: max-age=14400

Since this URL is the same for all Pocket ID users, whoever logs in first after the cache is empty, gets his picture set for all users

Expected behavior

I think either the URL should have a unique identifier per user or else the Cache-Control configuration should be no-store

Actual Behavior

Users are seeing pictures of other users

Version and Environment

v0.40.0

Log Output

No response

Originally created by @cdemi on GitHub (Mar 15, 2025). ### Reproduction steps I have noticed that `/api/users/me/profile-picture.png` has `cache-control: max-age=14400` Since this URL is the same for all Pocket ID users, whoever logs in first after the cache is empty, gets his picture set for all users ### Expected behavior I think either the URL should have a unique identifier per user or else the Cache-Control configuration should be `no-store` ### Actual Behavior Users are seeing pictures of other users ### Version and Environment v0.40.0 ### Log Output _No response_

OVERLORD added the bug label 2026-02-04 18:00:40 +03:00

OVERLORD closed this issue 2026-02-04 18:00:51 +03:00

OVERLORD commented 2026-02-04 18:01:01 +03:00

Author

Owner

Copy Link

@kmendell commented on GitHub (Mar 15, 2025):

You can get the profile picture per user by using a similar url to the below one:

/api/users<user-uuid-here>/profile-picture.png

@kmendell commented on GitHub (Mar 15, 2025): You can get the profile picture per user by using a similar url to the below one: `/api/users<user-uuid-here>/profile-picture.png`

OVERLORD commented 2026-02-04 18:01:10 +03:00

Author

Owner

Copy Link

@cdemi commented on GitHub (Mar 15, 2025):

I understand that, but in the login screen and in the user account manager at the top right is a profile picture with that URL. I should have made my report clearer.

An alternative would be to change the URL of the top right profile picture to the one with the user's UUID

@cdemi commented on GitHub (Mar 15, 2025): I understand that, but in the login screen and in the user account manager at the top right is a profile picture with that URL. I should have made my report clearer. An alternative would be to change the URL of the top right profile picture to the one with the user's UUID

OVERLORD commented 2026-02-04 18:01:19 +03:00

Author

Owner

Copy Link

@kmendell commented on GitHub (Mar 15, 2025):

Ahh okay i think i understand now, I will see what i can find/fix for this, but it may not be till tomorrow or early next week.

@kmendell commented on GitHub (Mar 15, 2025): Ahh okay i think i understand now, I will see what i can find/fix for this, but it may not be till tomorrow or early next week.

OVERLORD commented 2026-02-04 18:01:26 +03:00

Author

Owner

Copy Link

@stonith404 commented on GitHub (Mar 16, 2025):

Fixed in v0.40.1.

@stonith404 commented on GitHub (Mar 16, 2025): Fixed in `v0.40.1`.

OVERLORD commented 2026-02-04 18:01:38 +03:00

Author

Owner

Copy Link

@cdemi commented on GitHub (Mar 17, 2025):

Thanks for this! I'm not sure if it's working correctly. The top right profile image still links to /api/users/me/profile-picture.png but now it returns 500: {"error":"Something went wrong"}.

In the logs I see:

pocketid  | [GIN] 2025/03/17 - 07:32:21 | 500 |      61.449µs |    GET      "/api/users/me/profile-picture.png"
pocketid  | Error #01: Invalid UUID

I think the path to the top right picture needs to be changed to the one with the user's UUID.

I have opened #353 to fix the issue

@cdemi commented on GitHub (Mar 17, 2025): Thanks for this! I'm not sure if it's working correctly. The top right profile image still links to `/api/users/me/profile-picture.png` but now it returns 500: `{"error":"Something went wrong"}`. In the logs I see: ``` pocketid | [GIN] 2025/03/17 - 07:32:21 | 500 | 61.449µs | GET "/api/users/me/profile-picture.png" pocketid | Error #01: Invalid UUID ``` I think the path to the top right picture needs to be changed to the one with the user's UUID. I have opened #353 to fix the issue

OVERLORD referenced this issue 2026-02-04 18:51:45 +03:00

🐛 Bug Report: Docker image for version v1.2.0 fails to start #324

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

feat/email-verification

oidc-scopes

default-env-db-keys

slog-gorm

v2.2.0

v2.1.0

v2.0.2

v2.0.1

v2.0.0

v1.16.0

v1.15.0

v1.14.2

v1.14.1

v1.14.0

v1.13.1

v1.13.0

v1.12.0

v1.11.2

v1.11.1

v1.11.0

v1.10.0

v1.9.1

v1.9.0

v1.8.1

v1.8.0

v1.7.0

v1.6.4

v1.6.3

v1.6.2

v1.6.1

v1.6.0

v1.5.0

v1.4.1

v1.4.0

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.0

v0.53.0

v0.52.0

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.0

v0.45.0

v0.44.0

v0.43.1

v0.43.0

v0.42.1

v0.42.0

v0.41.0

v0.40.1

v0.40.0

v0.39.0

v0.38.0

v0.37.0

v0.36.0

v0.35.6

v0.35.5

v0.35.4

v0.35.3

v0.35.2

v0.35.1

v0.35.0

v0.34.0

v0.33.0

v0.32.0

v0.31.0

v0.30.0

v0.29.0

v0.28.1

v0.28.0

v0.27.2

v0.27.1

v0.27.0

v0.26.0

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.0

v0.22.0

v0.21.0

v0.20.1

v0.20.0

v0.19.0

v0.18.0

v0.17.0

v0.16.0

v0.15.0

v0.14.0

v0.13.1

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.0

v0.8.1

v0.8.0

v0.7.1

v0.7.0

v0.6.0

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.1

v0.4.0

v0.3.1

v0.3.0

v0.2.1

v0.2.0

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels

breaking

bug

bug

bug

documentation

feature

needs more upvotes

open to pull requests

pull-request

Mirrored from GitHub Pull Request

No Label bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/pocket-id#208