Header set Access-Control-Allow-Origin "*" Options -MultiViews RewriteEngine On RewriteBase / # Deny access to framework directories RewriteRule ^(app/|bootstrap/|config/|database/|resources/|storage/tests|vendor/) - [R=404,L,NC] # And dot files/folders (for example .env) RedirectMatch 404 /\..*$ # Redirect Trailing Slashes... RewriteRule ^(.*)/$ /$1 [L,R=301] # Handle Front Controller... RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ index.php [L] # Disable deflation for media files. SetEnvIfNoCase Request_URI "^/api/play/" no-gzip dont-vary # Set a MOD_X_SENDFILE_ENABLED env variable for PHP to use later. XSendFile On SetEnv MOD_X_SENDFILE_ENABLED 1