# TaskGram Apache configuration
DirectoryIndex index.php

# ── Clean URLs: @username/list-slug → list.php?owner=username&slug=list-slug ──
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /

    # Skip real files and directories
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d

    # @username/list-slug
    RewriteRule ^@([a-z][a-z0-9_-]{2,31})/([a-z0-9][a-z0-9-]{0,63})/?$ list.php?owner=$1&slug=$2 [L,QSA]
</IfModule>

# Block direct access to JSON files
<FilesMatch "\.json$">
    Require all denied
</FilesMatch>

# Security headers
<IfModule mod_headers.c>
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options "nosniff"
    Header always set Referrer-Policy "same-origin"
</IfModule>
