# =============================================================================
# Vanakkam Kashi - GoKashi.in
# .htaccess configuration
# =============================================================================

# ----------------------------------------------------------------------
# Custom error pages
# ----------------------------------------------------------------------
ErrorDocument 404 /404.html
ErrorDocument 403 /404.html
ErrorDocument 500 /404.html

# ----------------------------------------------------------------------
# Force HTTPS (uncomment after SSL is installed)
# ----------------------------------------------------------------------
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Force HTTPS
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    # Force www to non-www (canonical: gokashi.in without www)
    RewriteCond %{HTTP_HOST} ^www\.gokashi\.in [NC]
    RewriteRule ^(.*)$ https://gokashi.in/$1 [L,R=301]

    # Remove trailing slash from non-directory URLs
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.+)/$ /$1 [R=301,L]
</IfModule>

# ----------------------------------------------------------------------
# Default index
# ----------------------------------------------------------------------
DirectoryIndex index.html

# ----------------------------------------------------------------------
# Gzip compression
# ----------------------------------------------------------------------
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE text/javascript
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/json
    AddOutputFilterByType DEFLATE image/svg+xml
    AddOutputFilterByType DEFLATE font/woff
    AddOutputFilterByType DEFLATE font/woff2
    AddOutputFilterByType DEFLATE application/font-woff
    AddOutputFilterByType DEFLATE application/font-woff2
</IfModule>

# ----------------------------------------------------------------------
# Browser caching (Expires headers)
# ----------------------------------------------------------------------
<IfModule mod_expires.c>
    ExpiresActive On

    # Default
    ExpiresDefault                          "access plus 1 month"

    # HTML
    ExpiresByType text/html                 "access plus 1 hour"

    # Data
    ExpiresByType application/json          "access plus 0 seconds"
    ExpiresByType application/xml           "access plus 0 seconds"
    ExpiresByType text/xml                  "access plus 0 seconds"

    # Images
    ExpiresByType image/jpeg                "access plus 1 year"
    ExpiresByType image/png                 "access plus 1 year"
    ExpiresByType image/webp                "access plus 1 year"
    ExpiresByType image/gif                 "access plus 1 year"
    ExpiresByType image/svg+xml             "access plus 1 year"
    ExpiresByType image/x-icon              "access plus 1 year"

    # CSS / JS
    ExpiresByType text/css                  "access plus 1 year"
    ExpiresByType application/javascript    "access plus 1 year"
    ExpiresByType text/javascript           "access plus 1 year"

    # Fonts
    ExpiresByType font/ttf                  "access plus 1 year"
    ExpiresByType font/otf                  "access plus 1 year"
    ExpiresByType font/woff                 "access plus 1 year"
    ExpiresByType font/woff2                "access plus 1 year"
    ExpiresByType application/font-woff     "access plus 1 year"
    ExpiresByType application/font-woff2    "access plus 1 year"
</IfModule>

# ----------------------------------------------------------------------
# Cache-Control headers
# ----------------------------------------------------------------------
<IfModule mod_headers.c>
    <FilesMatch "\.(jpg|jpeg|png|gif|webp|svg|ico|css|js|woff|woff2|ttf|otf)$">
        Header set Cache-Control "public, max-age=31536000, immutable"
    </FilesMatch>

    <FilesMatch "\.(html|htm)$">
        Header set Cache-Control "public, max-age=3600, must-revalidate"
    </FilesMatch>

    <FilesMatch "\.(xml|json)$">
        Header set Cache-Control "no-cache, must-revalidate"
    </FilesMatch>

    # Security headers
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-XSS-Protection "1; mode=block"
    Header set Referrer-Policy "strict-origin-when-cross-origin"
    Header set Permissions-Policy "geolocation=(), microphone=(), camera=()"
</IfModule>

# ----------------------------------------------------------------------
# MIME types
# ----------------------------------------------------------------------
<IfModule mod_mime.c>
    AddType image/svg+xml                   svg svgz
    AddType image/webp                      webp
    AddType application/font-woff           woff
    AddType application/font-woff2          woff2
    AddType application/xml                 xml
</IfModule>

# ----------------------------------------------------------------------
# Disable directory browsing
# ----------------------------------------------------------------------
Options -Indexes

# ----------------------------------------------------------------------
# Block access to sensitive files
# ----------------------------------------------------------------------
<FilesMatch "^\.(htaccess|htpasswd|env|git|DS_Store)">
    Require all denied
</FilesMatch>

# ----------------------------------------------------------------------
# Character set
# ----------------------------------------------------------------------
AddDefaultCharset UTF-8
