ServerName inventory.local DocumentRoot /var/www/html/frontend/dist # Enable CORS headers for API requests Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" Header always set Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With" Header always set Access-Control-Allow-Credentials "true" # Handle preflight requests RewriteEngine On RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ $1 [R=200,L] # API routes - handle PHP files in api directory Options -Indexes +FollowSymLinks AllowOverride All Require all granted # Handle PHP files SetHandler application/x-httpd-php # Root directory - serve frontend files and handle PHP Options -Indexes +FollowSymLinks AllowOverride All Require all granted # Handle PHP files SetHandler application/x-httpd-php # Vue.js SPA routing - fallback to index.html for non-API, non-PHP requests RewriteEngine On RewriteBase / # Don't rewrite API requests RewriteCond %{REQUEST_URI} ^/api/ RewriteRule ^ - [L] # Don't rewrite PHP files RewriteCond %{REQUEST_URI} \.php$ RewriteRule ^ - [L] # Don't rewrite existing files/directories RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ - [L] # Fallback to index.html for Vue.js SPA RewriteRule . index.html [L] # Security headers Header always set X-Content-Type-Options nosniff Header always set X-Frame-Options DENY Header always set X-XSS-Protection "1; mode=block" # Error handling ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined