# Allow cross-origin requests
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
# http://enable-cors.org/
# http://www.w3.org/TR/cors/

<IfModule mod_headers.c>
  Header set Access-Control-Allow-Origin "*"
</IfModule>

<IfModule mod_rewrite.c>
  #Options +FollowSymLinks
  RewriteEngine On
  # Redirect from the `http://` to the `https://` version of the URL.
  # https://wiki.apache.org/httpd/RewriteHTTPToHTTPS
  RewriteCond %{HTTPS} !=on
  #RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
  RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
  #check for 200 header, legitimate url 
  RewriteCond %{ENV:REDIRECT_STATUS} 200
  RewriteRule .* - [L]
  #remove need to have .php extension in filename
  RewriteCond %{REQUEST_FILENAME}.php -f
  RewriteRule ^(.*)$ $1.php [L,QSA]
</IfModule>
