Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH, DELETE"
Header always set Access-Control-Allow-Headers "Authorization,X-Accept-Charset,X-Accept,Content-Type"
Options -MultiViews
RewriteEngine On
RewriteBase /
# Deny access to framework directories
RewriteRule ^(app|bootstrap|config|database|resources|storage|tests|vendor|node_modules)/ - [R=404,L,NC]
# And dot files/folders (for example .env)
RedirectMatch 404 /\..*$
# Redirect Trailing Slashes...
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# https://github.com/tymondesigns/jwt-auth/wiki/Authentication
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
# Disable deflation for media files.
SetEnvIfNoCase Request_URI "^/api/play/" no-gzip dont-vary
# Cache the audio files for 1 year.
# It's up to the browser to respect this.
ExpiresActive On
ExpiresByType audio/(mpe?g3?|ogg|aac) "access plus 1 year"