# .htaccess in the root of your API directory (e.g., /api/)

# Turn on URL rewriting (the Rewrite* directives below come from mod_rewrite)
RewriteEngine On

# Ensure Authorization header is passed to PHP scripts (important for JWT)
# The condition matches any non-empty Authorization header; the rule rewrites
# nothing ("-") and only copies the header value into the HTTP_AUTHORIZATION
# environment variable.
# NOTE(review): after the internal rewrite to public/index.php the value may
# also be exposed as REDIRECT_HTTP_AUTHORIZATION, depending on the PHP handler;
# confirm which name the application reads. The variable holds the bearer
# token verbatim, so keep it out of environment dumps and debug output.
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

# Exclude existing files and directories from rewriting
# This lets static files such as images be served directly by Apache.
# (.htaccess is read by Apache only; it has no effect under Nginx.)
# The two conditions apply only to the RewriteRule that follows them.
# NOTE(review): "existing file" means ANY file below this directory, not just
# media. This .htaccess sits above public/, so configuration, dependency or
# source files stored alongside public/ would be served as-is if requested by
# path. Confirm nothing sensitive is reachable, or point the DocumentRoot at
# public/ instead.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

# Rewrite all requests to public/index.php
# This sends every request that is not an existing file or directory to the
# single entry point for API routes. QSA keeps the original query string and
# L stops rule processing for this pass.
RewriteRule ^(.*)$ public/index.php [QSA,L]

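# --- CORS Configuration for Media Files ---
# This block applies CORS response headers to common image and video file
# extensions. It requires mod_headers (guarded below); the SetEnvIfNoCase
# directives additionally need mod_setenvif.
<IfModule mod_headers.c>
    <FilesMatch "\.(jpg|jpeg|png|gif|webp|mp4|webm)$">
        # Origin allow-list. Each pattern is anchored at both ends and has its
        # dots escaped, so only the exact origin matches and $0 (the matched
        # text) is always the complete Origin value.
        # The localhost entries are for development: they let any page served
        # from those ports on a visitor's own machine read these files
        # cross-origin. Remove them from production deployments.
        SetEnvIfNoCase Origin "^http://localhost:7070$" ACAO_ORIGIN=$0
        SetEnvIfNoCase Origin "^http://localhost:8080$" ACAO_ORIGIN=$0
        SetEnvIfNoCase Origin "^https://rehlkocustomercare\.com$" ACAO_ORIGIN=$0

        # The response differs per Origin, so shared caches and CDNs must key
        # on it. Without this, a response cached for one origin can be served
        # to another with the wrong (or a missing) Access-Control-Allow-Origin.
        # Sent unconditionally so responses without the CORS header are keyed
        # the same way.
        Header merge Vary Origin

        # If the Origin is on the allow-list, echo it back
        Header set Access-Control-Allow-Origin "%{ACAO_ORIGIN}e" env=ACAO_ORIGIN

        # Only for testing/development - "*" lets every site read these files.
        # Keep it disabled anywhere that is reachable from the internet.
        # Header set Access-Control-Allow-Origin "*"

        # Allow common methods for fetching resources (allow-listed origins only)
        Header set Access-Control-Allow-Methods "GET, OPTIONS" env=ACAO_ORIGIN

        # Allow common headers that browsers might send (allow-listed origins only)
        # NOTE(review): static media normally needs no Authorization header;
        # trim this list if the front end never sends it for these files.
        Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization" env=ACAO_ORIGIN
    </FilesMatch>
</IfModule>
# ------------------------------------------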