<IfModule mod_headers.c>
# set the samesite cookies
#Header always edit Set-Cookie (.*) "$1; SameSite=Strict"

# set the X-Frame-Options header to http request.
#Header set X-Frame-Options DENY 

# set the X-XSS-Protection header to http request.
#Header set X-XSS-Protection: "1; mode=block"

# set the Referrer-Policy to none
#Header set Referrer-Policy "no-referrer"

# set X-Content-Type-Options Header
#Header set X-Content-Type-Options nosniff

# set the Feature-Policy to self
#Header set Feature-Policy "sync-xhr 'self'"

#Header set Content-Security-Policy 
#Header always set Content-Security-Policy "default-src 'none'; base-uri 'self'; connect-src 'self' ; frame-ancestors 'none'; img-src data: 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline'; font-src 'self' data: fonts.gstatic.com  fonts.googleapis.com fonts.static.com;"
</IfModule>
 

RewriteEngine On 
RewriteCond %{HTTPS} off 
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Uncomment below line for login page redirection, if you don't want to use a landing page.
#RewriteRule ^$ /members/index.php [L,R=301]

# Block access to /functions/api/v and /functions/api/v.php
RewriteCond %{THE_REQUEST} \s/functions/api/v(\.php)?\s [NC]
RewriteRule ^ - [R=404,L]
RewriteCond %{THE_REQUEST} \s/functions/api/get(\.php)?\s [NC]
RewriteRule ^ - [R=404,L]

# Rewrite /api/v?query-strings to /functions/api/v.php?query-strings
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^api/v$ /functions/api/v.php [L]

# Rewrite /api/get?query-strings to /functions/api/get.php?query-strings
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^api/get$ /functions/api/get.php [L]

# Force HTTPS on the subdomains/subdirectories login or admin
#RewriteCond %{HTTPS} off
#RewriteCond %{HTTP_HOST} ^(login|admin)\. [NC]
#RewriteCond %{REQUEST_URI} ^(login|admin)\. [NC,OR]
#RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# Force WWW if no subdomain is given
#RewriteCond %{HTTP_HOST} ^[^.]+\.[^.]+$
#RewriteCond %{HTTP_HOST} !^$
#RewriteCond %{HTTPS}s ^on(s)|
#RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]