# Enable CORS for API
# Adds three CORS response headers. The whole section is skipped silently
# when mod_headers is not loaded, so a missing module shows up as failing
# cross-origin requests rather than as a configuration error.
<IfModule mod_headers.c>
    # "*" allows script running on any origin to read these responses.
    # NOTE(review): Authorization is listed as an allowed request header, so
    # the API presumably authenticates with tokens. If any endpoint trusts the
    # caller's network location, or should only be used by known front ends,
    # replace "*" with the specific origin(s). Confirm against the API's
    # auth model.
    Header set Access-Control-Allow-Origin "*"
    # NOTE(review): PUT and DELETE are advertised for every path this file
    # covers; confirm each one is needed.
    Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
    Header set Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With"
    # NOTE(review): "Header set" without the "always" condition is not added
    # to non-2xx responses that Apache generates itself, so those reach the
    # browser without CORS headers. Confirm whether clients need them there.
</IfModule>

# Enable PHP error reporting (disable in production)
# php_flag display_errors On
# php_value error_reporting E_ALL

# Prevent directory listing
# Removes the Indexes option, so a request for a directory that has no index
# file is refused instead of returning an auto-generated list of its files.
# NOTE(review): if this file is used as a .htaccess, the server configuration
# must permit Options overrides (AllowOverride); otherwise this line is
# rejected as a configuration error. Confirm.
Options -Indexes

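# Protect config files
# Denies all HTTP access to files named database.php or config.php. The
# pattern is anchored, so only these exact names are covered; backup copies
# or editor swap files of them are not matched by this rule.
# This only blocks direct requests over HTTP. Keeping credential files
# outside the document root remains the stronger control where the
# application layout allows it.
<FilesMatch "^(database\.php|config\.php)$">
    # Apache 2.4+: authorization is handled by mod_authz_core.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2: fall back to the legacy access-control directives. On 2.4
    # these exist only when mod_access_compat is loaded; without it they are
    # unknown directives and the configuration fails, so they are used only
    # when mod_authz_core is absent.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>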
