# API Directory .htaccess
RewriteEngine On

# Handle CORS Preflight OPTIONS requests
# RewriteCond %{REQUEST_METHOD} OPTIONS
# RewriteRule ^(.*)$ $1 [R=200,L]

# # Global CORS headers for frontend (e.g., Vite dev server on port 5173)
# <IfModule mod_headers.c>
#     Header always set Access-Control-Allow-Origin "http://localhost:5173"
#     Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
#     Header always set Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With, Accept, Origin, Referer, User-Agent, sec-ch-ua, sec-ch-ua-mobile, sec-ch-ua-platform, sec-fetch-dest, sec-fetch-mode, sec-fetch-site"
#     Header always set Access-Control-Allow-Credentials "true"
#     Header always set Access-Control-Max-Age "86400"
# </IfModule>

# Route all requests to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [QSA,L]

