<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>

    RewriteEngine On

    # Never expose framework directories, env files, or deployment artefacts
    # when the project root is used directly as the document root.
    RewriteRule "(^|/)\.(?!well-known(?:/|$))" - [F,L,NC]
    RewriteRule "^(?:app|bootstrap|config|database|resources|routes|storage|tests|vendor|vendor-ship-backup)(?:/|$)" - [F,L,NC]
    RewriteRule "^(?:\.env.*|artisan|composer\.(?:json|lock)|package(?:-lock)?\.json|phpunit\.xml|README\.md|LOCAL_CPANEL_SETUP\.md|validate\.php|licenses\.json|__artisan_check\.php|error_log|.*\.(?:sql|zip|bak|old|dist|ini|log))$" - [F,L,NC]

    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    RewriteCond %{HTTP:x-xsrf-token} .
    RewriteRule .* - [E=HTTP_X_XSRF_TOKEN:%{HTTP:X-XSRF-Token}]

    # Root document root support: serve real files from /public when the project root
    # is exposed directly by cPanel/shared hosting.
    RewriteRule ^$ public/index.php [L]

    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{DOCUMENT_ROOT}/public/$1 -f [OR]
    RewriteCond %{DOCUMENT_ROOT}/public/$1 -d
    RewriteRule ^(.*)$ public/$1 [L]

    RewriteCond %{REQUEST_URI} !^/public/
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ public/index.php [L]
</IfModule>

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php81” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php81 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
