# ========================================
# Forex Calculator - Server Configuration
# ========================================

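# Enable mod_rewrite processing for the rules below.
RewriteEngine On

# Redirect plain-HTTP requests to HTTPS with a permanent (301) redirect.
# The rule fires whenever %{HTTPS} is "off"; it does not check that TLS is
# actually configured for this host.
# NOTE(review): the redirect target is built from the client-supplied Host
# header (%{HTTP_HOST}). If this site can be reached under arbitrary Host
# values, prefer a hard-coded canonical hostname here.
# NOTE(review): behind a TLS-terminating proxy %{HTTPS} may always read "off",
# which would turn this into a redirect loop - confirm against the deployment.
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]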

# ========================================
# FIX: Content Security Policy
# ========================================
<IfModule mod_headers.c>
  # Content-Security-Policy sent with responses served from this directory.
  # Everything defaults to same-origin ('self'); images and fonts may also be
  # loaded from data: URIs, and frame-ancestors 'none' forbids framing the site.
  # Inline scripts and styles are allowed for the app via 'unsafe-inline'.
  # NOTE(review): 'unsafe-inline' in script-src means the policy does not block
  # injected inline <script> or event-handler attributes, so it offers little
  # XSS mitigation. Moving inline code into files, or using nonces/hashes,
  # would allow dropping it.
  # NOTE(review): default-src does not cover base-uri or form-action; add them
  # explicitly if the app does not need them open.
  Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none';"
</IfModule>

# ========================================
# FIX: MIME Types for JavaScript
# ========================================
<IfModule mod_mime.c>
  # Explicit extension-to-MIME-type mappings. This file also sends
  # X-Content-Type-Options "nosniff", so browsers will not guess a type;
  # scripts and stylesheets must be served with the correct one.

  # Markup and styling
  AddType text/html .html
  AddType text/css .css

  # Scripts and structured data
  AddType application/javascript .js
  AddType application/json .json
  AddType application/manifest+json .webmanifest

  # Images
  AddType image/png .png
  AddType image/svg+xml .svg
</IfModule>

# ========================================
# Service Worker Configuration
# ========================================
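<Files "sw.js">
  # <Files> matches on file name, so these headers apply to every file named
  # sw.js at or below this directory, not only the one in the site root.
  # The Header directives are guarded so that a server without mod_headers
  # skips them instead of failing on an unknown directive.
  <IfModule mod_headers.c>
    # Make clients revalidate the worker script on every use so that updates
    # (including security fixes) are picked up promptly.
    Header set Cache-Control "public, max-age=0, must-revalidate"
    # Let the worker register with a scope of "/", i.e. the whole origin.
    # NOTE(review): combined with the name-based match above, any sw.js placed
    # in a subdirectory would also be allowed to claim the whole origin;
    # make sure no writable or user-content directory can hold such a file.
    Header set Service-Worker-Allowed "/"
    Header set Content-Type "application/javascript"
  </IfModule>
</Files>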

# ========================================
# Manifest Configuration
# ========================================
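<Files "manifest.webmanifest">
  # Serve the web app manifest with its registered media type.
  # Guarded so that a server without mod_headers skips the directive instead
  # of failing on an unknown directive.
  <IfModule mod_headers.c>
    Header set Content-Type "application/manifest+json"
  </IfModule>
</Files>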

# ========================================
# Security Headers
# ========================================
<IfModule mod_headers.c>
  # Browser-side hardening headers.
  # NOTE(review): plain "Header set" (without "always") may not be applied to
  # some error responses; verify that 4xx/5xx responses carry these headers.

  # Stop browsers from MIME-sniffing a response away from its declared type.
  Header set X-Content-Type-Options "nosniff"
  # Forbid framing of the site (overlaps with frame-ancestors 'none' in the CSP).
  Header set X-Frame-Options "DENY"
  # NOTE(review): X-XSS-Protection is a legacy header that current browsers
  # ignore, and the filter it enabled in old ones had its own weaknesses.
  # Current OWASP guidance is to send "0" or omit it and rely on the CSP.
  Header set X-XSS-Protection "1; mode=block"
  # NOTE(review): "no-referrer-when-downgrade" still sends the full URL (path
  # and query string) to other HTTPS origins. "strict-origin-when-cross-origin"
  # limits cross-origin referrers to the origin only.
  Header set Referrer-Policy "no-referrer-when-downgrade"
  
  # Remove server signature
  # NOTE(review): Apache normally adds the Server header itself after
  # mod_headers has run, so the first line below typically has no effect;
  # ServerTokens in the main server configuration controls that header.
  Header unset Server
  Header unset X-Powered-By
</IfModule>

# ========================================
# CORS Headers (if needed for external resources)
# ========================================
<IfModule mod_headers.c>
  # Cross-origin resource sharing headers, added to every response served from
  # this directory.
  # NOTE(review): these headers control which OTHER origins may read responses
  # from this site. They do not affect this app's ability to load external
  # resources, and the CSP in this file restricts connect-src to 'self' anyway.
  # NOTE(review): "*" lets script on any website read these responses. That is
  # only appropriate if everything served here is public and unauthenticated.
  # Otherwise remove this block or name the specific origins that need access.
  Header set Access-Control-Allow-Origin "*"
  # Methods and request headers advertised to cross-origin preflight requests.
  Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
  Header set Access-Control-Allow-Headers "Content-Type"
</IfModule>

# ========================================
# Compression
# ========================================
<IfModule mod_deflate.c>
  # Compress text-based response types with DEFLATE. Types not listed here,
  # such as PNG images, are sent uncompressed.
  AddOutputFilterByType DEFLATE text/html text/css
  AddOutputFilterByType DEFLATE text/javascript application/javascript application/json
  AddOutputFilterByType DEFLATE image/svg+xml
</IfModule>

# ========================================
# Browser Caching
# ========================================
<IfModule mod_expires.c>
  # Turn on generation of Expires / Cache-Control max-age headers, keyed on
  # the response's MIME type.
  ExpiresActive On
  
  # Images: cacheable for one year from the time of access.
  # NOTE(review): "image/jpg" is not a registered MIME type; JPEG files are
  # normally served as image/jpeg, so that line is unlikely to match anything.
  ExpiresByType image/png "access plus 1 year"
  ExpiresByType image/jpg "access plus 1 year"
  ExpiresByType image/jpeg "access plus 1 year"
  ExpiresByType image/svg+xml "access plus 1 year"
  
  # CSS and JavaScript: cacheable for one month from the time of access.
  # NOTE(review): with month-long caching, a fixed script or stylesheet only
  # reaches returning users promptly if its URL changes (e.g. a versioned name).
  ExpiresByType text/css "access plus 1 month"
  ExpiresByType application/javascript "access plus 1 month"
  ExpiresByType text/javascript "access plus 1 month"
  
  # HTML - no cache
  ExpiresByType text/html "access plus 0 seconds"
  
  # Intended for the service worker - no cache.
  # NOTE(review): this rule only matches application/x-javascript, but this
  # file maps .js to application/javascript, so it presumably never applies to
  # sw.js. The worker's freshness then depends on the Cache-Control header set
  # in the <Files "sw.js"> section - confirm the headers sw.js actually gets.
  ExpiresByType application/x-javascript "access plus 0 seconds"
</IfModule>

# ========================================
# Prevent Directory Browsing
# ========================================
# Disable auto-generated directory listings, so a directory without an index
# file does not expose its file names to visitors.
Options -Indexes

# ========================================
# Error Pages (optional)
# ========================================
# Use the app's index.html as the response body for "not found" and
# "forbidden" errors. Because the target is a local URL path, the client
# still receives the original 404 / 403 status code.
# NOTE(review): serving the app shell for 403 makes access denials look like
# ordinary page loads to users; rely on the status code in access logs when
# investigating denied requests.
ErrorDocument 404 /index.html
ErrorDocument 403 /index.html
