<ifModule mod_headers.c>
    Header always set Access-Control-Allow-Methods "POST, GET, PUT, PATCH, DELETE"
</ifModule>

DirectoryIndex index.php

Options -Indexes

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Forbid access. Not actual as redirect to `public` is applied.
    # An extra security measure if redirect not fired.
    RewriteRule ^/?data/ - [F]
    RewriteRule ^/?application/ - [F]
    RewriteRule ^/?custom/ - [F]
    RewriteRule ^/?vendor/ - [F]
    RewriteRule /?web\.config - [F]

    # Forbid `public` dir.
    RewriteRule ^/?public/? - [F,L]

    # Skip redirect for `client` dir.
    RewriteRule ^client/ - [L]

    # Store base path.
    RewriteCond %{REQUEST_URI}::$1 ^(.*?/)(.*)::\2$

    # Add trailing slash.
    RewriteCond %{DOCUMENT_ROOT}/%{ENV:BASE}/public/$1 -d
</IfModule>

<Directory C:\Apache24\htdocs>
  AllowOverride All
</Directory>
