# FiveM Update Server - HTTP ONLY

<IfModule mod_rewrite.c>
    RewriteEngine On
    
    # DO NOT redirect to HTTPS
    # RewriteCond %{HTTPS} off
    # RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    
    RewriteCond %{REQUEST_METHOD} OPTIONS
    RewriteRule ^(.*)$ $1 [R=200,L]
    
    RewriteCond %{REQUEST_FILENAME}.php -f
    RewriteRule ^heads/([^/]+)/([^/.]+)$ heads/$1/$2.php [L,QSA]
</IfModule>

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Methods "GET, HEAD, OPTIONS"
    Header set Access-Control-Allow-Headers "Content-Type, X-Requested-With"
    Header set Access-Control-Max-Age "3600"
    
    <FilesMatch "\.(xz|zst)$">
        Header set Cache-Control "public, max-age=31536000, immutable"
    </FilesMatch>
    
    <FilesMatch "\.xml$">
        Header set Cache-Control "public, max-age=3600"
    </FilesMatch>
    
    <FilesMatch "\.php$">
        Header set Cache-Control "no-cache, no-store, must-revalidate"
    </FilesMatch>
</IfModule>

<IfModule mod_mime.c>
    AddType application/x-xz .xz
    AddType application/zstd .zst
    AddType application/xml .xml
</IfModule>

Options -Indexes +FollowSymLinks

<FilesMatch "\.(xz|zst|xml|php)$">
    Require all granted
</FilesMatch>

<FilesMatch "^\.">
    Require all denied
</FilesMatch>
