
# Necessary to prevent problems when using a controller named "index" and having a root index.php


Options -MultiViews

# turn rewriting on

RewriteEngine On

# When using the script within a sub-folder, put this path here, like /mysubfolder/

# If your app is in the root of your web folder, then please delete this line or comment it out

#RewriteBase /harish/php-login/

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l

RewriteRule ^(.+)$ index.html

<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</IfModule>

<IfModule mod_headers.c>
    Header always set X-Frame-Options "DENY"
</IfModule>

<IfModule mod_headers.c>
    Header always set X-Content-Type-Options "nosniff"
</IfModule>

<IfModule mod_headers.c>
    Header always set Referrer-Policy "no-referrer"
</IfModule>

<IfModule mod_headers.c>
Header always set Content-Security-Policy "default-src 'none'; connect-src 'self' https://angular.ubihrm.com https://translate.googleapis.com https://nominatim.openstreetmap.org; frame-src *; img-src *; style-src * 'unsafe-inline';  script-src * 'unsafe-inline' 'unsafe-eval'; font-src *;"  
</IfModule>

<IfModule mod_headers.c>
    Header always edit Set-Cookie ^(AWSALBCORS=.)(;\sHttpOnly\s*)?(.*)$ "$1; HttpOnly$3"
</IfModule>

<IfModule mod_headers.c>
    Header always edit Set-Cookie ^(AWSALB=.)(;\ssecure\s*)?(.*)$ "$1; secure$3"
</IfModule>

<IfModule mod_headers.c>
    Header always edit Set-Cookie (.*) "$1; SameSite=None; Secure; HttpOnly"
</IfModule>
