<IfModule mod_rewrite.c>
  RewriteEngine On

  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule . index.php [L,QSA]

  # redirect Authorization to $_SERVER
  #RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last]
</IfModule>
<IfModule mod_negotiation.c>
  Options -MultiViews
</IfModule>
<IfModule mod_headers.c>
  # Cross domain access for API
  #Header add Access-Control-Allow-Origin "*"
  #Header add Access-Control-Allow-Headers "origin, Authorization, x-requested-with, content-type"
  #Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

  Header set X-XSS-Protection "1; mode=block"
  Header append X-FRAME-OPTIONS "SAMEORIGIN"

  # cache 1 week
  <filesMatch ".(jpg|jpeg|png|gif|ico)$">
    Header set Cache-Control "max-age=604800, public"
  </filesMatch>
  <filesMatch ".(css|js|ttf|woff|svg|eot)$">
    Header set Cache-Control "max-age=604800, public"
  </filesMatch>
</IfModule>
