Options -Indexes

RewriteEngine On

# Forzar HTTPS si ya lo manejas en Cloudflare, esto puede omitirse.
# RewriteCond %{HTTPS} !=on
# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Bloquear acceso a storage/src/templates directamente
RewriteRule ^(src|storage|templates)/ - [F,L]

# Front controller
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [L,QSA]

# Headers básicos (complementan middleware)
<IfModule mod_headers.c>
  Header always set X-Content-Type-Options "nosniff"
  Header always set X-Frame-Options "DENY"
  Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>
