# ======================================================
# InfiniteLoop Innovations - SAFE PRODUCTION .htaccess
# Namecheap Shared Hosting Compatible
# ======================================================

# -------------------------
# CORE
# -------------------------
RewriteEngine On
Options -Indexes

# -------------------------
# ALLOW STATIC ASSETS
# -------------------------
<FilesMatch "\.(css|js|jpg|jpeg|png|gif|svg|webp|ico|woff|woff2|ttf|eot|map)$">
    Require all granted
</FilesMatch>

# -------------------------
# SECURITY HEADERS (SAFE)
# -------------------------
<IfModule mod_headers.c>
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options "nosniff"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
</IfModule>

# -------------------------
# BLOCK DANGEROUS METHODS
# -------------------------
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|DELETE|DEBUG) [NC]
RewriteRule .* - [F,L]

# -------------------------
# PROTECT SENSITIVE FILES
# -------------------------
<Files ".htaccess">
    Require all denied
</Files>

<FilesMatch "(^\.|\.env|\.git|\.sql|\.log|\.bak|\.conf|composer\.(json|lock))">
    Require all denied
</FilesMatch>

# -------------------------
# GZIP COMPRESSION
# -------------------------
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/css application/javascript application/json image/svg+xml
</IfModule>

# -------------------------
# BROWSER CACHING
# -------------------------
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresDefault "access plus 7 days"

    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType image/* "access plus 1 year"
    ExpiresByType font/woff2 "access plus 1 year"
</IfModule>

# -------------------------
# HTTPS (ENABLE AFTER SSL)
# -------------------------
# RewriteCond %{HTTPS} off
# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# ======================================================
# END OF FILE
# ======================================================
