RewriteEngine On

# Ensure Authorization header is passed to PHP (important for login/auth APIs)
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [E=HTTP_AUTHORIZATION:%1]

# Force HTTPS
RewriteCond %{HTTPS}  !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

IndexIgnore *
ErrorDocument 404 /index.php

# Remove index.php from URL
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{REQUEST_URI} ^(.*/)index\.php$ [NC]
RewriteRule . https://%{HTTP_HOST}%1 [R=301,NE,L]

# Hide .php extension (external)
RewriteCond %{REQUEST_METHOD} !POST [NC]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s([^.]+)\.php [NC]
RewriteRule ^ %1 [R,L,NC]

# Hide .php extension (internal)
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^ %{REQUEST_URI}.php [L]

# If cPanel-specific PHP handler exists and no longer needed, comment it out
#<IfModule mime_module>
#  AddHandler application/x-httpd-ea-php81 .php .php8 .phtml
#</IfModule>
