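# CORS: let any origin read the responses served from this directory.
# The wildcard is only appropriate while everything served here is public.
# Browsers refuse to expose credentialed (cookie / HTTP-auth) responses under
# "*", but anything reachable without credentials becomes readable cross-origin.
# If any resource here is not meant to be public, replace "*" with the specific
# origins that need access.
# Wrapped in <IfModule> so that a server without mod_headers skips the
# directive instead of failing every request with a 500.
<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
</IfModule>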
# Front-controller routing: any request that does not map to a real file or
# directory is answered with /index.html. Skipped if mod_rewrite is not loaded.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    # Requests for index.html itself pass through unchanged ("-") and stop
    # rule processing here, so the fallback below cannot loop on its own target.
    RewriteRule ^index\.html$ - [L]
    # Both conditions guard the next RewriteRule only: the path must be
    # neither an existing file (!-f) nor an existing directory (!-d).
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    # "." matches any non-empty path; such requests are rewritten to /index.html.
    # NOTE(review): unknown URLs therefore return index.html rather than a 404,
    # presumably so client-side routing can handle them; confirm that is intended.
    RewriteRule . /index.html [L]
</IfModule>

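# Security response headers. "always" is used throughout: a plain "Header set"
# is applied to successful responses only, so server-generated error pages
# (4xx/5xx) would otherwise go out without any of these protections.
<IfModule mod_headers.c>
    # X-Frame-Options to prevent clickjacking. The CSP below repeats this as
    # frame-ancestors 'none'; this header covers browsers that predate it.
    Header always set X-Frame-Options "DENY"

    # Content Security Policy (CSP) to allow content from the specified domains.
    # - script-src has no 'unsafe-inline', so inline <script> and event-handler
    #   attributes are blocked. The 'unsafe-inline' in default-src does not
    #   change that, because scripts and styles have their own directives.
    # - style-src does allow inline styles ('unsafe-inline').
    # - base-uri and form-action do not fall back to default-src and are not
    #   set here; consider adding them once the app's needs are confirmed.
    Header always set Content-Security-Policy "default-src 'self' https://q-kubara.sa https://alastura.tech https://fonts.googleapis.com 'unsafe-inline'; script-src 'self' https://q-kubara.sa https://alastura.tech; style-src 'self' https://q-kubara.sa https://alastura.tech https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' https://q-kubara.sa https://alastura.tech; font-src 'self' https://q-kubara.sa https://alastura.tech https://fonts.gstatic.com data:; object-src 'none'; frame-ancestors 'none';"

    # HTTP Strict Transport Security (HSTS). Browsers honour this header only
    # on responses received over HTTPS. includeSubDomains plus preload commits
    # every subdomain to HTTPS for the whole max-age (two years); confirm that
    # all of them serve valid TLS before submitting the domain for preloading.
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"

    # X-Content-Type-Options to prevent MIME-type sniffing
    Header always set X-Content-Type-Options "nosniff"

    # X-XSS-Protection asks legacy browsers to block a page when their built-in
    # reflected-XSS filter fires. Current browsers have removed that filter and
    # ignore the header, so the CSP above is the effective XSS control here.
    Header always set X-XSS-Protection "1; mode=block"
</IfModule>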



