# ===== Textway .htaccess — production-ready Apache config =====

# Default page
DirectoryIndex index.html

# Custom error pages
ErrorDocument 404 /404.html
ErrorDocument 403 /404.html
ErrorDocument 500 /404.html

# Force HTTPS
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

  # Remove .html extension from URLs (pretty URLs)
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_FILENAME}\.html -f
  RewriteRule ^([^.]+)$ $1.html [NC,L]

  # Redirect .html URLs to clean URLs (301 permanent)
  RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s([^.]+)\.html [NC]
  RewriteRule ^ %1 [R=301,L]

  # Redirect www to non-www (or vice versa — adjust as preferred)
  RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
  RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
</IfModule>

# ===== Security headers =====
<IfModule mod_headers.c>
  Header set X-Content-Type-Options "nosniff"
  Header set X-Frame-Options "SAMEORIGIN"
  Header set Referrer-Policy "strict-origin-when-cross-origin"
  Header set Permissions-Policy "geolocation=(), microphone=(), camera=()"
  Header set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS
</IfModule>

# ===== Gzip / Deflate compression =====
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/css text/javascript application/javascript application/json application/xml text/xml image/svg+xml font/ttf font/otf font/woff font/woff2
</IfModule>

# ===== Browser caching =====
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault                              "access plus 1 month"
  ExpiresByType text/html                     "access plus 0 seconds"
  ExpiresByType text/css                      "access plus 1 year"
  ExpiresByType text/javascript               "access plus 1 year"
  ExpiresByType application/javascript        "access plus 1 year"
  ExpiresByType image/jpeg                    "access plus 1 year"
  ExpiresByType image/png                     "access plus 1 year"
  ExpiresByType image/webp                    "access plus 1 year"
  ExpiresByType image/svg+xml                 "access plus 1 year"
  ExpiresByType image/x-icon                  "access plus 1 year"
  ExpiresByType font/woff                     "access plus 1 year"
  ExpiresByType font/woff2                    "access plus 1 year"
  ExpiresByType video/mp4                     "access plus 1 month"
  ExpiresByType application/pdf               "access plus 1 month"
</IfModule>

# ===== Charset =====
AddDefaultCharset UTF-8

# ===== Disable directory listing =====
Options -Indexes

# ===== Protect sensitive files =====
<FilesMatch "^\.(htaccess|htpasswd|env|git)">
  Require all denied
</FilesMatch>

# ===== Cross-origin for fonts =====
<FilesMatch "\.(ttf|otf|woff|woff2)$">
  <IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
  </IfModule>
</FilesMatch>
