# dashboard-project/api/.htaccess
<IfModule mod_rewrite.c>
  RewriteEngine On

  # پاسخ درست به Preflight
  RewriteCond %{REQUEST_METHOD} =OPTIONS
  RewriteRule ^ - [R=204,L]
</IfModule>

<IfModule mod_headers.c>
  <IfModule mod_setenvif.c>

    # Whitelist Origin ها
    SetEnvIfNoCase Origin "^https://bipanel\.infoprotech\.ir$"  ACAO=$0
    SetEnvIfNoCase Origin "^http://localhost:5173$"            ACAO=$0
    SetEnvIfNoCase Origin "^http://127\.0\.0\.1:5173$"         ACAO=$0

    # اول هر چیزی که قبلاً ست شده رو پاک کن
    Header always unset Access-Control-Allow-Origin
    Header always unset Access-Control-Allow-Credentials
    Header always unset Access-Control-Allow-Methods
    Header always unset Access-Control-Allow-Headers
    Header always unset Access-Control-Max-Age
    Header always unset Vary

    # فقط اگر Origin مجاز بود، هدرها ست شوند
    Header always set Access-Control-Allow-Origin "%{ACAO}e" env=ACAO
    Header always set Vary "Origin" env=ACAO
    Header always set Access-Control-Allow-Credentials "true" env=ACAO
    Header always set Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" env=ACAO
    Header always set Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With, Accept" env=ACAO
    Header always set Access-Control-Max-Age "86400" env=ACAO

  </IfModule>
</IfModule>
