# Ensure Authorization header is available in PHP under Apache/XAMPP
RewriteEngine On
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

# -----------------------------
# CORS for local Vite dev
# -----------------------------
<IfModule mod_headers.c>
  SetEnvIfNoCase Origin "^http://localhost:5173$" ACAO=$0
  SetEnvIfNoCase Origin "^http://localhost:5174$" ACAO=$0
  SetEnvIfNoCase Origin "^http://127\.0\.0\.1:5173$" ACAO=$0
  SetEnvIfNoCase Origin "^http://127\.0\.0\.1:5174$" ACAO=$0

  Header always set Access-Control-Allow-Origin "%{ACAO}e" env=ACAO
  Header always set Vary "Origin" env=ACAO

  Header always set Access-Control-Allow-Credentials "true"
  Header always set Access-Control-Allow-Methods "GET,POST,PUT,PATCH,DELETE,OPTIONS"
  Header always set Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With, Accept"
</IfModule>

# پاسخ به Preflight (OPTIONS)
<IfModule mod_rewrite.c>
  RewriteCond %{REQUEST_METHOD} OPTIONS
  RewriteRule ^(.*)$ $1 [R=204,L]
</IfModule>
