# ============================================================
# SMB3.fi - Web root .htaccess
# ============================================================

# UTF-8 default
AddDefaultCharset UTF-8

# Ei directory listingiä
Options -Indexes -MultiViews +FollowSymLinks

# URL-rewrite front controllerille
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Jos tarvitset RewriteBase (esim. alikansio), uncomment:
    # RewriteBase /

    # Älä rewritettaa olemassa olevia tiedostoja tai kansioita
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d

    # Kaikki muu -> index.php
    RewriteRule ^ index.php [L]
</IfModule>

# Estä piilotettuihin tiedostoihin pääsy
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# Estä suoraan .env
<FilesMatch "\.(env|ini|log|sql|md|yaml|yml|json|lock)$">
    Require all denied
</FilesMatch>

# ============================================================
# Turvaheaderit
# ============================================================
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
    # HSTS vain HTTPS:ssa - uncommentaa tuotannossa HTTPS:n kanssa
    # Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</IfModule>

# ============================================================
# Kompressio
# ============================================================
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/css text/javascript application/javascript application/json image/svg+xml
</IfModule>

# ============================================================
# Välimuisti staattisille asseteille
# ============================================================
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType text/css                "access plus 7 days"
    ExpiresByType application/javascript  "access plus 7 days"
    ExpiresByType image/png               "access plus 30 days"
    ExpiresByType image/jpeg              "access plus 30 days"
    ExpiresByType image/webp              "access plus 30 days"
    ExpiresByType image/avif              "access plus 30 days"
    ExpiresByType image/svg+xml           "access plus 30 days"
    ExpiresByType font/woff2              "access plus 365 days"
</IfModule>

# Oletusetusivu
DirectoryIndex index.php
