0 && $currentUserId !== $userId && !TenantScopeService::canAccess('users', $userId, $currentUserId)) { http_response_code(403); return; } $path = UserAvatarService::findAvatarPath($uuid, $size); if (!$path || !is_file($path)) { http_response_code(404); return; } $mime = UserAvatarService::detectMime($path); header('Content-Type: ' . $mime); header('X-Content-Type-Options: nosniff'); header('Content-Security-Policy: sandbox'); header('Cache-Control: private, max-age=300'); header('Content-Length: ' . filesize($path)); readfile($path);