Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH, DELETE" Header always set Access-Control-Allow-Headers "Authorization,X-Accept-Charset,X-Accept,Content-Type" Options -MultiViews RewriteEngine On RewriteBase / # Deny access to framework directories RewriteRule ^(app/|bootstrap/|config/|database/|resources/|storage/tests|vendor/) - [R=404,L,NC] # And dot files/folders (for example .env) RedirectMatch 404 /\..*$ # Redirect Trailing Slashes... RewriteRule ^(.*)/$ /$1 [L,R=301] # Handle Front Controller... RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ index.php [L] # https://github.com/tymondesigns/jwt-auth/wiki/Authentication RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] # Disable deflation for media files. SetEnvIfNoCase Request_URI "^/api/play/" no-gzip dont-vary