<IfModule mod_rewrite.c>
    RewriteEngine On

    # Force HTTPS
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    # Preserve Authorization Header
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Route core requests to protection_public/index.php
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ protection_public/index.php?$1 [L,QSA]
</IfModule>

# Preserve Authorization header fallback
SetEnvIf Authorization "(.+)" HTTP_AUTHORIZATION=$1

<IfModule mod_headers.c>
    Header always set Access-Control-Allow-Origin "*"
    Header always set Access-Control-Expose-Headers "Access-Control-Allow-Origin, Access-Control-Allow-Credentials, Authorization"
    Header always set Access-Control-Max-Age "3600"
    Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS, DELETE, PUT"
    Header always set Access-Control-Allow-Headers "Authorization, X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method, X-Auth-Signature"

    # Do not use this with wildcard origin *
    # Header always set Access-Control-Allow-Credentials "true"
</IfModule>

# php -- BEGIN cPanel-generated handler, do not edit
<IfModule mime_module>
    AddHandler application/x-httpd-ea-php82 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit