From 787c79e53f86d426a75b5e19b48d970c5ef6a845 Mon Sep 17 00:00:00 2001
From: Campbell <58050615+NinjaCheetah@users.noreply.github.com>
Date: Tue, 3 Feb 2026 20:13:54 -0500
Subject: [PATCH 1/2] Add handling for stray BadQueryErrors (#252)
---
 profiles/__init__.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/profiles/__init__.py b/profiles/__init__.py
index 90f43de..2289e29 100644
--- a/profiles/__init__.py
+++ b/profiles/__init__.py
@@ -89,7 +89,13 @@ def home(info=None):
 @auth.oidc_auth("default")
 @before_request
 def user(uid=None, info=None):
- return render_template("profile.html", info=info, member_info=get_member_info(uid))
+ try:
+ return render_template("profile.html", info=info, member_info=get_member_info(uid))
+ except BadQueryError as bqe:
+ # ldap_get_member() returns a BadQueryError if getting the user's information fails.
+ # Flask already treats a stray BadQueryError as a 404, but actually handling it prevents the traceback
+ # from getting dumped into the log.
+ return render_template("404.html", message=bqe), 404
 @app.route("/results", methods=["POST"])
@@ -172,7 +178,10 @@ def logout():
 @app.route("/image/", methods=["GET"])
 def image(uid):
- return get_image(uid)
+ try:
+ return get_image(uid)
+ except BadQueryError as bqe:
+ return render_template("404.html", message=bqe), 404
 @app.route("/clearcache")
From d7a5888cde73d7fa95449044d9eabd7cbd539b63 Mon Sep 17 00:00:00 2001
From: Cole Stowell <121599022+costowell@users.noreply.github.com>
Date: Thu, 9 Apr 2026 11:12:47 -0400
Subject: [PATCH 2/2] fix: people getting logged in as each other (#254)
---
 profiles/__init__.py | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/profiles/__init__.py b/profiles/__init__.py
index 2289e29..c2c6ddd 100644
--- a/profiles/__init__.py
+++ b/profiles/__init__.py
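Review bot: In the `user` hunk of PATCH 1/2, and again in its `image` hunk, the caught exception is handed to the template as `message=bqe`, so whatever text BadQueryError carries is shown to the client; if that text includes directory or query details they are disclosed, and `image` shows no `@auth.oidc_auth` decorator in its context lines, so that page may be reachable without login. A fixed string such as `message="Member not found"` would avoid this, with the exception kept for a one-line server-side log entry (no traceback) so failed lookups stay visible to operators. The `try` in `user` also wraps `render_template("profile.html", ...)`, so a BadQueryError raised during rendering is reported as a missing member; putting only `member_info = get_member_info(uid)` inside the `try` and rendering after it narrows the handler. The added comment names `ldap_get_member()` and says it "returns" the error, while the code calls `get_member_info()` and catches a raised exception, so the comment should be aligned with the code.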
@@ -78,6 +78,14 @@
 # pylint: enable=wrong-import-position
+@app.after_request
+def set_cache_headers(response):
+ if "Cache-Control" not in response.headers:
+ response.headers["Cache-Control"] = "no-store"
+ response.headers["Vary"] = "Cookie"
+ return response
+
+
 @app.route("/", methods=["GET"])
 @auth.oidc_auth("default")
 @before_request
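Review bot: The `if "Cache-Control" not in response.headers` guard in `set_cache_headers` leaves any response that already carries a Cache-Control header untouched, so a view or helper that sets a cacheable value on per-user content can still be stored by a shared cache and served to another user, which is the failure this commit is fixing. A docstring should state why the hook exists and which responses are expected to set their own header, and those responses should be checked to confirm none of them depend on the session cookie. `response.headers["Vary"] = "Cookie"` replaces any Vary value set earlier in the response chain; `response.vary.add("Cookie")` appends instead. Indentation is lost on this page, so it is not clear whether the Vary line sits inside the `if`; if it does, guarded responses get neither header.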