# Enable CORS for all resources
Header set Access-Control-Allow-Origin "*"
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.html$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.html [L]
</IfModule>

<IfModule mod_headers.c>
    # X-Frame-Options to prevent clickjacking
    Header set X-Frame-Options "DENY"

    # Content Security Policy (CSP) to allow content from the specified domains
    Header set Content-Security-Policy "default-src *; script-src *; style-src *; img-src *; font-src *; object-src
    'none'; frame-ancestors 'none'"

    Header set Content-Security-Policy "style-src 'self' 'unsafe-inline';"


    # HTTP Strict Transport Security (HSTS)
    Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"

    # X-Content-Type-Options to prevent MIME-type sniffing
    Header set X-Content-Type-Options "nosniff"

    # X-XSS-Protection to enable the cross-site scripting filter
    Header set X-XSS-Protection "1; mode=block"
</IfModule>

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php81” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php81 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
