# Enable URL rewriting
RewriteEngine On

# Set base directory (change if your API is in a subdirectory)
RewriteBase /market_local_api/

# Allow access to uploads directory
RewriteCond %{REQUEST_URI} ^/market_local_api/uploads/
RewriteRule ^ - [L]

# Route all other requests to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [QSA,L]

# Security headers
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-XSS-Protection "1; mode=block"
</IfModule>

# Disable directory browsing
Options -Indexes

# Protect sensitive files
<FilesMatch "^\.">
    Order allow,deny
    Deny from all
</FilesMatch>
