# AJAX Directory - Allow POST Requests
# Updated: 2025-12-19 - Allow modern fetch() API requests

<IfModule mod_rewrite.c>
    # Turns the rewrite engine on for this directory. No RewriteCond or
    # RewriteRule follows, so this block filters nothing.
    RewriteEngine On

    # All POST requests are allowed, including fetch() calls. The
    # X-Requested-With header is not required because modern browsers do not
    # always send it.
    # NOTE(review): with no header check at this layer, cross-site request
    # protection has to come from the PHP handlers (CSRF token, Origin/Referer
    # validation, SameSite cookies) - confirm that they enforce it.
    # NOTE(review): in per-directory context, rewrite rules from a parent
    # .htaccess are not inherited once this file configures the engine, unless
    # "RewriteOptions Inherit" is set - verify that no parent rule (for example
    # an HTTPS redirect) is expected to apply to this directory.
</IfModule>

# Security Headers
<IfModule mod_headers.c>
    # AJAX endpoints should not be cached: tell browsers and intermediaries
    # not to store or reuse these responses.
    Header set Cache-Control "no-store, no-cache, must-revalidate, max-age=0"
    Header set Pragma "no-cache"
    Header set Expires "0"

    # Browser hardening. These two headers are not a CSRF defence:
    # "nosniff" stops MIME-type sniffing of the response body, and
    # X-Frame-Options "DENY" forbids rendering the response in a frame
    # (clickjacking). CSRF protection must be enforced by the handlers.
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "DENY"

    # No indexing
    Header set X-Robots-Tag "noindex, nofollow"

    # NOTE(review): "Header set" without the "always" condition is applied to
    # successful responses; error responses produced by Apache itself may not
    # carry these headers - confirm that this is acceptable here.
</IfModule>

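# PHP Security
# Keep error details out of responses (log them instead) and cap the run time
# of each request. php_flag/php_value only work when PHP runs as an Apache
# module; under PHP-FPM or CGI neither block below matches, so the same
# settings must be placed in .user.ini or the pool/php.ini configuration.
<IfModule mod_php7.c>
    php_flag display_errors Off
    php_flag log_errors On
    php_value max_execution_time 10
</IfModule>

# PHP 8 registers its Apache module as mod_php.c; without this block the
# settings above are silently skipped after an upgrade from PHP 7.
<IfModule mod_php.c>
    php_flag display_errors Off
    php_flag log_errors On
    php_value max_execution_time 10
</IfModule>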

# Disable directory listing, so that a request for the directory itself does
# not enumerate the endpoint files.
# NOTE(review): this directive is honoured only if the server configuration
# permits it via AllowOverride (Options); otherwise requests to this
# directory fail with a 500 - verify on the target host.
Options -Indexes

# Content type: every response from a .php file in this directory is labelled
# as UTF-8 JSON, whatever the script actually emits.
# NOTE(review): unlike the security headers above, this Header directive is
# not wrapped in <IfModule mod_headers.c>; if mod_headers is not loaded, the
# whole directory fails with a 500 rather than serving without the header.
# NOTE(review): the handlers should still set their own Content-Type, so that
# the response type does not depend on this file being honoured.
<FilesMatch "\.php$">
    Header set Content-Type "application/json; charset=utf-8"
</FilesMatch>
