# Sowlov theme security + SEO performance hardening
# Safe inside /content/themes/elengine/ only. It blocks direct access to source/cache files
# while keeping public assets (CSS, JS, images, fonts) available.

Options -Indexes
DirectoryIndex index.html

<IfModule mod_headers.c>
  Header set X-Content-Type-Options "nosniff"
  Header set Referrer-Policy "strict-origin-when-cross-origin"
  Header set Cross-Origin-Resource-Policy "same-origin"
</IfModule>

# Stop visitors from opening Smarty templates, compiled PHP cache, SQL, JSON notes, and backups directly.
<FilesMatch "\.(tpl|php|sql|json|txt|md|log|bak|old|ini|env|yml|yaml)$">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Deny from all
  </IfModule>
</FilesMatch>

# Safer direct SVG handling.
<IfModule mod_headers.c>
  <FilesMatch "\.svg$">
    Header set Content-Security-Policy "default-src 'none'; img-src 'self' data:; style-src 'unsafe-inline'"
  </FilesMatch>
</IfModule>

# Long cache for versioned/static theme assets.
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresByType text/css "access plus 1 year"
  ExpiresByType application/javascript "access plus 1 year"
  ExpiresByType image/png "access plus 1 year"
  ExpiresByType image/jpeg "access plus 1 year"
  ExpiresByType image/gif "access plus 1 year"
  ExpiresByType image/webp "access plus 1 year"
  ExpiresByType image/svg+xml "access plus 1 year"
  ExpiresByType font/woff "access plus 1 year"
  ExpiresByType font/woff2 "access plus 1 year"
</IfModule>

<IfModule mod_headers.c>
  <FilesMatch "\.(css|js|png|jpg|jpeg|gif|webp|svg|woff|woff2)$">
    Header set Cache-Control "public, max-age=31536000, immutable"
  </FilesMatch>
</IfModule>

# Compression for faster theme assets. Brotli is used when the server supports it; Deflate is the fallback.
<IfModule mod_brotli.c>
  AddOutputFilterByType BROTLI_COMPRESS text/plain text/css application/javascript application/json application/xml image/svg+xml font/woff font/woff2
</IfModule>

<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/plain text/css application/javascript application/json application/xml image/svg+xml font/woff font/woff2
</IfModule>

FileETag None
<IfModule mod_headers.c>
  Header unset ETag
</IfModule>
