#-------------------------------------------------------------------------------
# myMVC
# apache .htaccess file

# Deactivate session auto start
php_value session.auto_start 0

# valid for all Cookies
Header edit Set-Cookie (.*)                 "$1;HttpOnly;SameSite=Strict"

# SSL Cookies
Header edit Set-Cookie ^(myMVC_secure.*)$   "$1;Secure"

# activate rewrite Rules
RewriteEngine On

# prevent httpd from serving dotfiles (.htaccess, .svn, .git, etc.)
RedirectMatch 403 /\..*$

#-------------------------------------------------------------------------------

# deny HTTP TRACE, HTTP TRACK Requests
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

# pass-through files
RewriteCond %{REQUEST_FILENAME} !-f

# forward to index.php
RewriteRule .* index.php
