# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php83” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php83 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

<IfModule mod_headers.c>
    # Allow CORS from local frontend and production frontend domains
    SetEnvIfNoCase Origin "^https?://(localhost:3000|127\.0\.0\.1:3000|gcm\.co\.ke|www\.gcm\.co\.ke)$" ACAO=$0

    Header always set Access-Control-Allow-Origin "%{ACAO}e" env=ACAO
    Header always set Access-Control-Allow-Credentials "true" env=ACAO
    Header always set Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" env=ACAO
    Header always set Access-Control-Allow-Headers "Origin, Content-Type, Accept, Authorization, X-Requested-With, X-CSRF-TOKEN" env=ACAO
    Header always set Vary "Origin"
</IfModule>

<IfModule mod_rewrite.c>
    RewriteEngine On
  RewriteBase /backend/

  # Shared-hosting fallback: if /public/storage is blocked or symlink-disabled,
  # route storage URLs to Laravel file streamer route instead.
  RewriteRule ^public/storage/(.*)$ public/files/$1 [L,NC,PT,QSA]
  RewriteRule ^storage/(.*)$ public/files/$1 [L,NC,PT,QSA]

    # Preserve Authorization header for JWT auth
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

  # Route API calls to Laravel public/ so /backend/api/* works
  RewriteRule ^api/(.*)$ public/api/$1 [L,NC,PT]

  # Route backend root to Laravel public
  RewriteRule ^$ public/ [L,NC]

    # If request is not a real file/folder, route through Laravel public directory
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.*)$ public/$1 [L,NC,PT]
</IfModule>
