<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>

    RewriteEngine On

    # --------------------------------------------
    # 🚫 Block access to sensitive files and folders
    # --------------------------------------------
    <FilesMatch "(^\.env|composer\.json|composer\.lock|artisan|\.git|\.env\.example|readme\.md|phpunit\.xml)$">
        Order allow,deny
        Deny from all
    </FilesMatch>

    # Block hidden files (.htaccess, .git, etc.)
    RewriteRule "(^|/)\." - [F]

    # --------------------------------------------
    # ✅ Handle Authorization Header
    # --------------------------------------------
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # ✅ Handle X-XSRF-Token Header
    RewriteCond %{HTTP:x-xsrf-token} .
    RewriteRule .* - [E=HTTP_X_XSRF_TOKEN:%{HTTP:X-XSRF-Token}]

    # --------------------------------------------
    # 🚀 Redirect Trailing Slashes If Not A Folder
    # --------------------------------------------
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.+)/$
    RewriteRule ^ %1 [L,R=301]

    # --------------------------------------------
    # ⚙️ Send Requests To Front Controller
    # --------------------------------------------
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>
