# =================================================================
# DEVELOPMENT .htaccess for Versement API
# This version is very permissive for development
# =================================================================

# BASIC SECURITY (Minimal)
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options nosniff
    Header always unset X-Powered-By
</IfModule>

Options -Indexes

<Files *.php>
    Order Allow,Deny
    Allow from all
</Files>

# =================================================================
# Allow all requests for development
# =================================================================
RewriteEngine On

# Ensure Authorization header is passed to PHP (Crucial for 401 errors)
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

# Allow requests from any User-Agent for development
# Remove restrictions on common tools

# =================================================================
# Minimal CSP for development
# =================================================================
Header always set Content-Security-Policy "default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *"

# =================================================================
# No HSTS for local development
# =================================================================

# =================================================================
# No geo-blocking for local development
# =================================================================

# =================================================================
# FINAL STATUS: Development Mode Active ✅
# Very permissive for local testing
# =================================================================