Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH, DELETE" Header always set Access-Control-Allow-Headers "Authorization,X-Accept-Charset,X-Accept,Content-Type" Options -MultiViews RewriteEngine On RewriteBase / # Redirect Trailing Slashes... RewriteRule ^(.*)/$ /$1 [L,R=301] # Whitelist only index.php, robots.txt, and those start with public/ or api/ RewriteRule ^(?!($|index\.php|robots\.txt|(public|api)/)) - [R=404,L] # Handle Front Controller... RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule .* index.php [L] # https://github.com/tymondesigns/jwt-auth/wiki/Authentication RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] # Cache the audio files for 1 year. # It's up to the browser to respect this. ExpiresActive On ExpiresByType audio/(mpe?g3?|ogg|aac) "access plus 1 year" # Disable deflation for media files. SetEnvIfNoCase Request_URI "^/api/play/" no-gzip dont-vary # ---------------------------------------------------------------------- # Gzip compression. # Stolen from https://github.com/h5bp/server-configs-apache/ # ---------------------------------------------------------------------- # Force compression for mangled `Accept-Encoding` request headers # https://developer.yahoo.com/blogs/ydn/pushing-beyond-gzipping-25601.html SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding # Compress all output labeled with one of the following MIME-types AddOutputFilterByType DEFLATE "application/atom+xml" \ "application/javascript" \ "application/json" \ "application/ld+json" \ "application/manifest+json" \ "application/rdf+xml" \ "application/rss+xml" \ "application/schema+json" \ "application/vnd.geo+json" \ "application/vnd.ms-fontobject" \ "application/x-font-ttf" \ "application/x-javascript" \ "application/x-web-app-manifest+json" \ "application/xhtml+xml" \ "application/xml" \ "font/eot" \ "font/opentype" \ "image/bmp" \ "image/svg+xml" \ "image/vnd.microsoft.icon" \ "image/x-icon" \ "text/cache-manifest" \ "text/css" \ "text/html" \ "text/javascript" \ "text/plain" \ "text/vcard" \ "text/vnd.rim.location.xloc" \ "text/vtt" \ "text/x-component" \ "text/x-cross-domain-policy" \ "text/xml"