# ============================================================
# Slate — Apache config
# ============================================================
# No site-wide front controller is used — Slate is direct file routing.
# This .htaccess sets sane defaults, blocks the things that should
# never be served, and maps /shop URLs to the shop plugin's router.
# ============================================================

# Directory options (hardening for shared hosts):
#   -FollowSymLinks        never follow symlinks unconditionally
#   +SymLinksIfOwnerMatch  follow a symlink only when the link and its target
#                          have the same owner (mod_rewrite needs one of the
#                          two symlink options to be on)
#   -Indexes               no auto-generated directory listings
# Apache's own documentation says the owner check is subject to race
# conditions, so treat it as hardening, not as a security boundary.
Options -FollowSymLinks +SymLinksIfOwnerMatch -Indexes

# UTF-8 default: adds "charset=UTF-8" to responses served as text/plain or
# text/html, so browsers do not have to guess the encoding of those pages.
AddDefaultCharset UTF-8

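# ── Block sensitive files ───────────────────────────────────
# <FilesMatch> tests the base name of the file in every directory this
# .htaccess governs, not only at the root.
# The alternatives are grouped so that "^" applies to each of them. In the
# ungrouped form "^" bound only to \.env and "$" only to CHANGELOG\.md, so the
# names in between matched anywhere inside a file name.
# There is deliberately no trailing "$": copies such as composer.json.bak or
# README.md.orig stay denied as well.
<FilesMatch "^(\.env|composer\.(json|lock)|(README|INSTALL|ARCHITECTURE|CONTRIBUTING|CHANGELOG)\.md)">
    Require all denied
</FilesMatch>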

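# Block dotfiles and the contents of dot-directories (.git, .htaccess, etc.).
# <FilesMatch> only sees the final file name, so on its own it denies /.env
# but not /.git/config, whose base name is "config".
<FilesMatch "^\.">
    Require all denied
</FilesMatch>
# Deny every URL path that contains a segment starting with a dot, which
# covers files inside dot-directories. /.well-known/ stays reachable (ACME
# challenges, security.txt), as it was before this rule was added.
RedirectMatch 403 "/\.(?!well-known(/|$))"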

# Answer 403 for anything requested under the internal directories
# includes/, db/, scripts/, docs/ and data/.
# RedirectMatch tests the full URL path, so the pattern assumes Slate is
# installed at the web root (the same assumption RewriteBase / makes).
# NOTE(review): for a sub-directory install, confirm these directories are
# protected some other way, e.g. a "Require all denied" .htaccess in each.
RedirectMatch 403 ^/(includes|db|scripts|docs|data)/

# ── Security headers ────────────────────────────────────────
# Sent only when mod_headers is loaded; without the module none of these
# headers are emitted and no error is raised. "always" also attaches them to
# error responses. No Content-Security-Policy is set in this file.
<IfModule mod_headers.c>
    # Cross-origin requests receive only the origin, and nothing at all on an
    # HTTPS -> HTTP downgrade.
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    # Pages may be framed by this origin only (clickjacking defence).
    Header always set X-Frame-Options "SAMEORIGIN"
    # Browsers must honour the declared Content-Type instead of sniffing it.
    Header always set X-Content-Type-Options "nosniff"
    # HSTS stays disabled until TLS is confirmed working: once a browser has
    # seen it, this host and (with includeSubDomains) every subdomain are
    # HTTPS-only for max-age seconds (31536000 = one year).
    # Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</IfModule>

# ── Compression ─────────────────────────────────────────────
# Compress text-based responses when mod_deflate is available.
# NOTE(review): compressing HTML/JSON that carries a secret (e.g. a CSRF
# token) next to reflected request data is the precondition for BREACH-style
# compression side channels over TLS — confirm whether any Slate page does.
<IfModule mod_deflate.c>
    # Markup and stylesheets
    AddOutputFilterByType DEFLATE text/html text/css
    # Scripts and API payloads
    AddOutputFilterByType DEFLATE application/javascript application/json
    # Vector images (XML text)
    AddOutputFilterByType DEFLATE image/svg+xml
</IfModule>
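# ── Shop plugin routing ─────────────────────────────────────
# Maps /shop and /shop/<anything> to the shop plugin's storefront router,
# passing the remainder of the path as the _path query parameter.
<IfModule mod_rewrite.c>
    RewriteEngine On
    # Assumes Slate is installed at the web root.
    RewriteBase /

    # RewriteCond lines bind only to the RewriteRule that follows them, so the
    # "not an existing file or directory" guard is stated before each rule.
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^shop/?$               plugins/shop/storefront/router.php?_path= [L,QSA]

    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^shop/(.+)$            plugins/shop/storefront/router.php?_path=$1 [L,QSA]

    # QSA appends the client's own query string after _path, and PHP keeps the
    # last value of a repeated parameter, so a request can carry its own _path;
    # router.php is also reachable directly by URL.
    # NOTE(review): router.php is not shown here — confirm it treats _path as
    # untrusted input and never uses it to build a filesystem path unchecked.
</IfModule>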