Options -Indexes
RewriteEngine On

RewriteBase /pgs-backend/

# Block sensitive files
RewriteRule ^\.env$ - [F,L]
RewriteRule ^\.git  - [F,L]

# Pass Authorization header to PHP — two methods for XAMPP compatibility:
# Method 1: RewriteRule environment variable (works even without mod_setenvif)
RewriteCond %{HTTP:Authorization} ^(.+)$
RewriteRule .* - [E=HTTP_AUTHORIZATION:%1,NS]

# Method 2: SetEnvIf (fallback for some CGI setups)
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

# Route all non-file, non-directory requests to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [QSA,L]