<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>

    RewriteEngine On

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Redirect Trailing Slashes
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.+)/$
    RewriteRule ^ %1 [L,R=301]

    # Send Requests To Front Controller
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>

# ── Compression (Brotli preferred, deflate fallback) ──────────────────────────
<IfModule mod_brotli.c>
    AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/css
    AddOutputFilterByType BROTLI_COMPRESS application/javascript application/json
    AddOutputFilterByType BROTLI_COMPRESS text/xml application/xml image/svg+xml
    AddOutputFilterByType BROTLI_COMPRESS font/woff2 font/woff application/font-woff2
</IfModule>

<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/css
    AddOutputFilterByType DEFLATE application/javascript application/json
    AddOutputFilterByType DEFLATE text/xml application/xml image/svg+xml
    AddOutputFilterByType DEFLATE font/woff2 font/woff application/font-woff2
    # Remove browser bugs (for really old browsers)
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    Header append Vary Accept-Encoding
</IfModule>

# ── Browser Caching ───────────────────────────────────────────────────────────
<IfModule mod_expires.c>
    ExpiresActive On

    # Images — 1 year (filenames have content-based query strings)
    ExpiresByType image/jpg           "access plus 1 year"
    ExpiresByType image/jpeg          "access plus 1 year"
    ExpiresByType image/png           "access plus 1 year"
    ExpiresByType image/gif           "access plus 1 year"
    ExpiresByType image/webp          "access plus 1 year"
    ExpiresByType image/svg+xml       "access plus 1 year"
    ExpiresByType image/x-icon        "access plus 1 year"
    ExpiresByType image/vnd.microsoft.icon "access plus 1 year"

    # CSS & JS — 1 year (versioned via ?v=timestamp in blade)
    ExpiresByType text/css            "access plus 1 year"
    ExpiresByType text/javascript     "access plus 1 year"
    ExpiresByType application/javascript "access plus 1 year"

    # Fonts — 1 year
    ExpiresByType font/woff2          "access plus 1 year"
    ExpiresByType font/woff           "access plus 1 year"
    ExpiresByType font/ttf            "access plus 1 year"
    ExpiresByType application/font-woff2 "access plus 1 year"

    # Web manifest / favicons
    ExpiresByType application/manifest+json "access plus 1 week"
    ExpiresByType text/cache-manifest       "access plus 0 seconds"

    # Default (HTML pages — no client cache; let CacheHeaders middleware handle)
    ExpiresDefault "access plus 0 seconds"
</IfModule>

<IfModule mod_headers.c>
    # Immutable cache for versioned static assets
    <FilesMatch "\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|webp|ttf)$">
        Header set Cache-Control "public, max-age=31536000, immutable"
    </FilesMatch>

    # Security headers
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set Permissions-Policy "camera=(), microphone=(), geolocation=()"
</IfModule>

# ── Keep-Alive ────────────────────────────────────────────────────────────────
<IfModule mod_headers.c>
    Header set Connection keep-alive
</IfModule>

# ── ETags ─────────────────────────────────────────────────────────────────────
FileETag MTime Size
