# Basic hardening
Options -Indexes

<IfModule mod_headers.c>
  Header set X-Content-Type-Options "nosniff"
  Header set X-Frame-Options "DENY"
  Header set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>

# CORS (adjust if needed)
<IfModule mod_headers.c>
  Header set Access-Control-Allow-Origin "*"
  Header set Access-Control-Allow-Methods "GET, OPTIONS"
  Header set Access-Control-Allow-Headers "Content-Type, Authorization"
</IfModule>

RewriteEngine On

# Preflight
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ index.php [L]

RewriteRule ^config$ index.php [L,QSA]
RewriteRule ^radio$ index.php [L,QSA]
RewriteRule ^adhkar/categories$ index.php [L,QSA]
RewriteRule ^adhkar/items$ index.php [L,QSA]
RewriteRule ^health$ index.php [L,QSA]
