From c76a66be28ac439d6c1cd8a9a124c87fb3493205 Mon Sep 17 00:00:00 2001
From: Vladislav Grechannik <vgrechannik@gmail.com>
Date: Fri, 30 Jan 2026 18:48:47 +0100
Subject: [PATCH] Stop storing media in shared caches

Cache-Control=public leads to everyone being able to GET media from some shared cache (e.g. Cloudflare's)
---
 src/service/media/mod.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/service/media/mod.rs b/src/service/media/mod.rs
index 765a2f70..9cd20600 100644
--- a/src/service/media/mod.rs
+++ b/src/service/media/mod.rs
@@ -40,7 +40,7 @@ pub struct Service {
 pub const MXC_LENGTH: usize = 32;
 
 /// Cache control for immutable objects.
-pub const CACHE_CONTROL_IMMUTABLE: &str = "public,max-age=31536000,immutable";
+pub const CACHE_CONTROL_IMMUTABLE: &str = "private,max-age=31536000,immutable";
 
 /// Default cross-origin resource policy.
 pub const CORP_CROSS_ORIGIN: &str = "cross-origin";