.htaccess

# micro-MVC :: HTACCESS configuration file
# Copyright (C) 2016 - 2024
# Open Software License (OSL 3.0)

Options All -Indexes
Options +FollowSymLinks

IndexIgnore *
DirectorySlash On
DirectoryIndex index.php
RewriteEngine On
RewriteBase /

#RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !(.*)/$

# Fix trailing slash (HTTP)
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1/ [R=301,L]

# !!! ENABLE FOR HTTPS AND DISABLE THE ONE ABOVE :: Fix trailing slash (HTTPS) !!!
#RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1/ [R=301,L]

# Manage pages
RewriteRule ^(.*)/$ index.php?req=$1 [QSA,L]

# Add types aliases for web fonts
AddType application/vnd.ms-fontobject .eot
AddType font/ttf .ttf
AddType font/otf .otf
AddType application/x-font-woff .woff

# Check for headers module
<ifModule mod_headers.c>
  # Enable CORS for AJAX requests (Web services)
  Header set Access-Control-Allow-Origin "*"
  Header set Access-Control-Allow-Methods "GET,POST"
  Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"

  # Enable CSP
  Header set Content-Security-Policy "script-src 'self' 'unsafe-inline';"

  # Enable X-FRAME protection
  Header Always Set X-Frame-Options SAMEORIGIN

  # Enable XSS protection
  Header Set X-XSS-Protection "1; mode=block"

  # !!! Enable Cookie protection (Only HTTPS) !!!
  #Header Set Set-Cookie HttpOnly;Secure

  # Support varying encoding for compressed served files (GZip)
  <FilesMatch ".(js|css|xml|html|gz)$">
    Header Append Vary: Accept-Encoding
  </FilesMatch>

  # Expire multimedia (1 day)
  <filesMatch "\.(ico|jpe?g|png|gif|mp4|webm)$">
    Header Set Cache-Control "max-age=86400, public"
  </filesMatch>

  # Enable CORS for web fonts
	<FilesMatch "\.(ttf|ttc|otf|eot|woff|svg)$">
		Header Add Access-Control-Allow-Origin "*"
	</FilesMatch>

  # Expire CSS (1 day)
  <filesMatch "\.(css)$">
    Header Set Cache-Control "max-age=86400, public"
  </filesMatch>

  # Expire JS (1 day)
  <filesMatch "\.(js)$">
    Header Set Cache-Control "max-age=86400, private"
  </filesMatch>

  # Expire HTML & PHTML (1 day)
  <filesMatch "\.(html|phtml)$">
    Header Set Cache-Control "max-age=86400, private, must-revalidate"
  </filesMatch>
</ifModule>

# Use caching with expiration module (1 day)
<ifModule mod_expires.c>
    ExpiresActive On
    ExpiresDefault "access plus 1 day"
    ExpiresByType image/x-icon "access plus 1 day"
    ExpiresByType image/jpg "access plus 1 day"
    ExpiresByType image/jpeg "access plus 1 day"
    ExpiresByType image/png "access plus 1 day"
    ExpiresByType image/gif "access plus 1 day"
    ExpiresByType video/mp4 "access plus 1 day"
    ExpiresByType video/webm "access plus 1 day"
    ExpiresByType text/css "access plus 1 day"
    ExpiresByType text/javascript "access plus 1 day"
    ExpiresByType application/javascript "access plus 1 day"
    ExpiresByType application/x-javascript "access plus 1 day"
    ExpiresByType text/html "access plus 1 day"
    ExpiresByType application/xhtml+xml "access plus 1 day"
</ifModule>

# Enable compression of files
<ifModule mod_deflate.c>
  # Common files
  <filesMatch "\.(html|phtml|js|css)$">
    SetOutputFilter DEFLATE
  </filesMatch>

  # Special files
  #AddOutputFilterByType DEFLATE font/ttf application/x-font-ttf font/otf application/x-font-otf font/opentype
</ifModule>

# Enable short tags for PHP 5
<IfModule mod_php5.c>
  php_value short_open_tag 1
</IfModule>

# Enable short tags for PHP 7
<IfModule mod_php7.c>
  php_value short_open_tag 1
</IfModule>

# Enable short tags for PHP 8+
<IfModule mod_php.c>
  php_value short_open_tag 1
</IfModule>

# Prevent viewing of certain files
<Files ~ "\.(phtml|cfg|log)$">
    Order Allow,Deny
    Deny From All
</Files>

# Prevent viewing of .htaccess
<Files .htaccess>
    Order Allow,Deny
    Deny From All
</Files>

# ----- End -----