From 28fed6e30dc5656648a6782f64727ebcedeba9e5 Mon Sep 17 00:00:00 2001
From: hexpunk <10983817+hexpunk@users.noreply.github.com>
Date: Thu, 7 Jul 2022 16:48:56 -0500
Subject: [PATCH] fix: :lock: Use safer default ACL
---
 s3upload.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/s3upload.js b/s3upload.js
index 7a30cb4..4a5d699 100644
--- a/s3upload.js
+++ b/s3upload.js
@@ -194,7 +194,7 @@ S3Upload.prototype.uploadToS3 = function(file, signResult) {
 headers['content-disposition'] = disposition + '; filename="' + fileName + '"';
 }
 if (!this.uploadRequestHeaders) {
- xhr.setRequestHeader('x-amz-acl', 'public-read');
+ xhr.setRequestHeader('x-amz-acl', 'private');
 }
 [signResult.headers, this.uploadRequestHeaders].filter(Boolean).forEach(function (hdrs) {
 Object.entries(hdrs).forEach(function(pair) {
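Review bot: The `private` value on the added `xhr.setRequestHeader('x-amz-acl', 'private');` line is only a client-side default, not an enforcement point: it is skipped whenever `this.uploadRequestHeaders` is set, and the browser chooses the header, so object visibility still depends on what the signing endpoint binds into the signature and on the bucket's own policy. The loop that follows appears to apply `signResult.headers` afterwards (its body is outside the hunk, as is the rest of `uploadToS3`); if it also calls `setRequestHeader`, a signer that returns its own `x-amz-acl` would have that value appended to `private` rather than replacing it, because XMLHttpRequest merges repeated header names. I would guard the default with `if (!this.uploadRequestHeaders && !(signResult.headers && 'x-amz-acl' in signResult.headers)) {` and add a comment such as `// Default only; the signer and bucket policy must enforce the ACL.` Callers that relied on the previous `public-read` default now get private objects, which deserves a line in the README or changelog.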