# URL routing for the application. Everything in this block is skipped when
# mod_rewrite is not loaded, in which case no request reaches index.php through
# these rules.
<IfModule mod_rewrite.c>
    # Turn off content negotiation (MultiViews) and automatic directory listings.
    # NOTE(review): -Indexes is only applied when mod_negotiation is loaded,
    # because it shares this guard. If listings must always be off, confirm the
    # server or vhost config disables them as well.
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>

    RewriteEngine On

    # Copy a non-empty Authorization request header into the HTTP_AUTHORIZATION
    # environment variable (presumably so PHP can read it under CGI/FastCGI; confirm).
    # The variable holds the raw credential, so keep environment dumps out of
    # error pages and logs.
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Permanently redirect (301) a URL ending in "/" to the same URL without it,
    # unless the path is an existing directory. %1 is the part captured by the
    # REQUEST_URI condition above the rule.
    # NOTE(review): the redirect target is built from the client-supplied URI;
    # confirm it can only ever resolve to a same-site path.
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.+)/$
    RewriteRule ^ %1 [L,R=301]

    # Route every request that is not an existing directory or file to the front
    # controller. Existing files are NOT routed: Apache serves them directly, so
    # anything sensitive stored under this directory depends on separate deny rules.
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>

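# 🔒 SECURITY: BLOCK ACCESS TO CORE FRAMEWORK
#
# Block all access to the core folder (403 Forbidden).
# RewriteRule is a mod_rewrite directive, so it is guarded by mod_rewrite rather
# than mod_authz_core: under the wrong guard the line is an "Invalid command"
# (HTTP 500 for the whole directory) when mod_rewrite is missing, and is skipped
# entirely when mod_authz_core is missing.
# NC makes the match case-insensitive, so a differently-cased path cannot reach
# the same folder on a case-insensitive filesystem.
# Without mod_rewrite this rule does not apply at all; for defence in depth keep
# core/ outside the document root or put a deny-all .htaccess inside it.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^core/ - [F,L,NC]
</IfModule>

# Block access to specific sensitive files anywhere below this directory.
# Only the first alternative (\.env) is anchored with ^; the others match as
# substrings of the file name, so variants such as composer.json.bak or
# phpunit.xml.dist are denied too. This errs on the side of blocking.
<FilesMatch "^\.env|composer\.(json|lock)|package(-lock)?\.json|phpunit\.xml">
    # Apache 2.4+
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback, so the files are not left readable when
    # mod_authz_core is unavailable.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>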
