Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH, DELETE" Header always set Access-Control-Allow-Headers "Authorization,X-Accept-Charset,X-Accept,Content-Type" Options -MultiViews RewriteEngine On RewriteBase / # Deny access to framework directories RewriteRule ^(app|bootstrap|config|database|resources|storage|tests|vendor)/ - [R=404,L,NC] # And dot files/folders (for example .env) RedirectMatch 404 /\..*$ # Redirect Trailing Slashes... RewriteRule ^(.*)/$ /$1 [L,R=301] # Handle Front Controller... RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ index.php [L] # https://github.com/tymondesigns/jwt-auth/wiki/Authentication RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] # Disable deflation for media files. SetEnvIfNoCase Request_URI "^/api/play/" no-gzip dont-vary # Cache the audio files for 1 year. # It's up to the browser to respect this. ExpiresActive On ExpiresByType audio/(mpe?g3?|ogg|aac) "access plus 1 year"