# ═══════════════════════════════════════════════════════════════
#  Westlands Paws — Apache .htaccess for cPanel / Shared Hosting
#  Place this file in the same folder as index.html (public_html
#  or your subdirectory root).
# ═══════════════════════════════════════════════════════════════

# Disable auto-generated directory listings, so the contents of a folder
# without an index file cannot be browsed.
Options -Indexes
# mod_rewrite rules in .htaccess need symlink following to be enabled.
# NOTE(review): some shared hosts only allow SymLinksIfOwnerMatch in .htaccess;
# confirm with the host if this line triggers a 500 error.
Options +FollowSymLinks
# Enables the rewrite rules below.
RewriteEngine On

# ── 1. Force HTTPS ──────────────────────────────────────────────
#    Requests that arrive without TLS get a permanent (301) redirect to the
#    same host and path over https://.
#    NOTE(review): %{HTTPS} describes the connection Apache itself sees. If TLS
#    is terminated in front of Apache (CDN / reverse proxy), the condition may
#    stay "off" and the redirect can loop. Confirm how the host terminates TLS.
#    NOTE(review): the redirect target reuses the client-supplied Host header;
#    once the domain is known, redirecting to a fixed hostname is tighter.
#    A redirect does not stop the first request going out in cleartext; a
#    Strict-Transport-Security header is the usual complement once HTTPS is
#    confirmed working on every hostname.
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# ── 2. Force non-www → www (edit to match your domain) ──────────
# Uncomment the two lines below once you know your domain:
# RewriteCond %{HTTP_HOST} ^westlandspaws\.com [NC]
# RewriteRule ^(.*)$ https://www.westlandspaws.com/$1 [L,R=301]

# ── 3. React Router SPA fallback ────────────────────────────────
#    Send ALL requests that aren't real files/directories to index.html
#    This is REQUIRED for React Router — without it, refreshing any
#    page other than / will return a 404.
#    Real files and directories are still served directly: the two conditions
#    skip the rewrite whenever the path exists on disk. Anything deployed next
#    to index.html is therefore reachable unless blocked elsewhere.
#    NOTE(review): the target "/index.html" is relative to the site root. If
#    this file lives in a subdirectory (the header allows that), the fallback
#    points at the root index.html, not the one beside this file. Adjust the
#    path for subdirectory deployments.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ /index.html [L]

# ── 4. Gzip / Deflate Compression ───────────────────────────────
#    Compresses the listed MIME types on the way out; skipped entirely when
#    mod_deflate is not loaded.
#    NOTE(review): this is fine for static assets. If dynamic responses that
#    mix secrets with request-controlled input are ever served from this
#    directory over TLS, review compression side-channel (BREACH) exposure.
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/plain text/xml
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE application/javascript application/x-javascript
  AddOutputFilterByType DEFLATE application/json
  AddOutputFilterByType DEFLATE image/svg+xml
  # WOFF and WOFF2 are already compressed formats, so DEFLATE gains little there.
  AddOutputFilterByType DEFLATE font/woff2 font/woff font/ttf
</IfModule>

# ── 5. Browser Caching ──────────────────────────────────────────
#    Sets cache lifetimes per MIME type, measured from the time of the request
#    ("access"). Skipped entirely when mod_expires is not loaded.
#    Section 6 also sets Cache-Control for .js/.css/font and .html files when
#    mod_headers is loaded; keep the two sections in agreement.
<IfModule mod_expires.c>
  ExpiresActive On

  # HTML — no cache (always fetch latest)
  ExpiresByType text/html                  "access plus 0 seconds"

  # CSS & JS — hashed filenames → cache 1 year
  # These rules match on MIME type, not on filename, so a script or stylesheet
  # WITHOUT a content hash in its name gets the same one-year lifetime and
  # cannot be replaced in visitors' caches until it expires.
  ExpiresByType text/css                   "access plus 1 year"
  ExpiresByType application/javascript     "access plus 1 year"
  ExpiresByType application/x-javascript  "access plus 1 year"

  # Images
  ExpiresByType image/jpeg                 "access plus 6 months"
  ExpiresByType image/png                  "access plus 6 months"
  ExpiresByType image/gif                  "access plus 6 months"
  ExpiresByType image/webp                 "access plus 6 months"
  ExpiresByType image/svg+xml              "access plus 6 months"
  ExpiresByType image/x-icon              "access plus 1 year"

  # Fonts
  ExpiresByType font/woff2                 "access plus 1 year"
  ExpiresByType font/woff                  "access plus 1 year"
  ExpiresByType font/ttf                   "access plus 1 year"
  ExpiresByType application/font-woff2     "access plus 1 year"
</IfModule>

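# ── 6. Security Headers ──────────────────────────────────────────
#    "Header always set" applies to error responses and redirects as well as
#    successful ones. Skipped entirely when mod_headers is not loaded, so check
#    the live response headers after deploying.
<IfModule mod_headers.c>
  # Prevent clickjacking: only pages from this origin may frame the site.
  # X-Frame-Options covers older browsers; CSP frame-ancestors is the current
  # standard equivalent.
  Header always set X-Frame-Options "SAMEORIGIN"
  # This policy restricts framing only. A fuller policy (script-src, style-src,
  # ...) must be built against what the app actually loads and merged into this
  # single header rather than added as a second one.
  Header always set Content-Security-Policy "frame-ancestors 'self'"

  # Stop MIME-type sniffing
  Header always set X-Content-Type-Options "nosniff"

  # Legacy XSS auditor: explicitly switched off. Current browsers have removed
  # the auditor, and in the old browsers that still honour the header,
  # "1; mode=block" could itself be abused (selective script blocking,
  # cross-site information leaks). Real XSS defence is output encoding plus a
  # Content-Security-Policy.
  Header always set X-XSS-Protection "0"

  # Referrer policy: full URL to same-origin requests, origin only cross-origin,
  # nothing on an HTTPS → HTTP downgrade.
  Header always set Referrer-Policy "strict-origin-when-cross-origin"

  # HSTS (opt-in): complements the HTTPS redirect in section 1. Browsers
  # remember it for max-age, so enable it only once HTTPS works on every
  # hostname that serves this site.
  # Header always set Strict-Transport-Security "max-age=31536000" "expr=%{HTTPS} == 'on'"

  # Cache-Control for hashed assets (Vite adds a hash to filenames)
  # The match is by extension only, so ANY .js/.css/font file under this folder
  # is marked immutable for a year, including files without a hash in the name.
  # Such a file cannot be replaced in visitors' caches until it expires.
  <FilesMatch "\.(js|css|woff2|woff|ttf)$">
    Header set Cache-Control "public, max-age=31536000, immutable"
  </FilesMatch>

  # No cache for HTML
  <FilesMatch "\.html$">
    Header set Cache-Control "no-cache, no-store, must-revalidate"
  </FilesMatch>
</IfModule>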

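# ── 7. Block access to sensitive files ──────────────────────────
#    Defence in depth only. The reliable fix is to upload just the build
#    output, so .env, .git, package.json and vite.config never reach the web
#    root in the first place.
#
#    <FilesMatch> tests the file's own name (last path component), not the
#    directories above it. The pattern is unanchored apart from .htaccess, so
#    it matches any filename CONTAINING ".env", ".git", "package.json" or
#    "vite.config". That covers .env.local and .gitignore, and also blocks
#    unrelated names that happen to contain those strings.
<FilesMatch "(^\.htaccess|\.env|\.git|package\.json|vite\.config)">
  # Apache 2.4 syntax.
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  # Apache 2.2 fallback. On 2.4 these directives need mod_access_compat and
  # otherwise cause a 500 error for the whole site.
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
  </IfModule>
</FilesMatch>

#    Files INSIDE a .git directory (for example .git/config) have ordinary
#    names that the pattern above never sees, so they would still be served.
#    Refuse any path that has ".git" as a path segment. This relies on the
#    "RewriteEngine On" near the top of this file.
<IfModule mod_rewrite.c>
  RewriteRule (^|/)\.git(/|$) - [F]
</IfModule>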

# ── 8. Set default charset ───────────────────────────────────────
#    Adds "charset=UTF-8" to text/html and text/plain responses that do not
#    declare one, so browsers do not have to guess the encoding.
AddDefaultCharset UTF-8
