# StudyPanda Backend Security
# Disable directory listing
Options -Indexes

# Deny access to sensitive files
<FilesMatch "^(config\.php|\.htaccess|\.env)$">
    Order allow,deny
    Deny from all
</FilesMatch>

# Protect database folder
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^database/ - [F,L]
</IfModule>

# Allow API access
<Files "api.php">
    Order allow,deny
    Allow from all
</Files>

# Set proper content type for API responses
<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
    Header set Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With"
</IfModule>
