# TaskGram Apache configuration DirectoryIndex index.php # ── Clean URLs: @username/list-slug → list.php?owner=username&slug=list-slug ── RewriteEngine On RewriteBase / # Skip real files and directories RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d # @username/list-slug RewriteRule ^@([a-z][a-z0-9_-]{2,31})/([a-z0-9][a-z0-9-]{0,63})/?$ list.php?owner=$1&slug=$2 [L,QSA] # Block direct access to JSON files Require all denied # Security headers Header always set X-Frame-Options "SAMEORIGIN" Header always set X-Content-Type-Options "nosniff" Header always set Referrer-Policy "same-origin"