diff --git a/routers/web/user/home.go b/routers/web/user/home.go
index 285c18c1f9..45deb026e4 100644
--- a/routers/web/user/home.go
+++ b/routers/web/user/home.go
@@ -824,12 +824,16 @@ func UsernameSubRoute(ctx *context.Context) {
 	reloadParam := func(suffix string) (success bool) {
 		ctx.SetParams("username", strings.TrimSuffix(username, suffix))
 		context_service.UserAssignmentWeb()(ctx)
+		if ctx.Written() {
+			return false
+		}
+
 		// check view permissions
 		if !user_model.IsUserVisibleToViewer(ctx, ctx.ContextUser, ctx.Doer) {
 			ctx.NotFound("user", fmt.Errorf(ctx.ContextUser.Name))
 			return false
 		}
-		return !ctx.Written()
+		return true
 	}
 	switch {
 	case strings.HasSuffix(username, ".png"):
@@ -850,7 +854,6 @@ func UsernameSubRoute(ctx *context.Context) {
 			return
 		}
 		if reloadParam(".rss") {
-			context_service.UserAssignmentWeb()(ctx)
 			feed.ShowUserFeedRSS(ctx)
 		}
 	case strings.HasSuffix(username, ".atom"):
diff --git a/tests/integration/user_test.go b/tests/integration/user_test.go
index ddde415960..c35c920dbd 100644
--- a/tests/integration/user_test.go
+++ b/tests/integration/user_test.go
@@ -243,6 +243,8 @@ func testExportUserGPGKeys(t *testing.T, user, expected string) {
 }
 
 func TestGetUserRss(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
 	user34 := "the_34-user.with.all.allowedChars"
 	req := NewRequestf(t, "GET", "/%s.rss", user34)
 	resp := MakeRequest(t, req, http.StatusOK)
@@ -253,6 +255,13 @@ func TestGetUserRss(t *testing.T) {
 		description, _ := rssDoc.ChildrenFiltered("description").Html()
 		assert.EqualValues(t, "<p dir="auto">some <a href="https://commonmark.org/" rel="nofollow">commonmark</a>!</p>\n", description)
 	}
+
+	req = NewRequestf(t, "GET", "/non-existent-user.rss")
+	MakeRequest(t, req, http.StatusNotFound)
+
+	session := loginUser(t, "user2")
+	req = NewRequestf(t, "GET", "/non-existent-user.rss")
+	session.MakeRequest(t, req, http.StatusNotFound)
 }
 
 func TestListStopWatches(t *testing.T) {