ServerName inventory.local DocumentRoot /var/www/html/frontend/dist # Enable CORS headers for API requests Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" Header always set Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With" Header always set Access-Control-Allow-Credentials "true" # Handle preflight requests RewriteEngine On RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ $1 [R=200,L] # API routes - redirect to PHP backend Alias /api /var/www/html/api # Static files and frontend routes Options -Indexes +FollowSymLinks AllowOverride All Require all granted # Vue.js SPA routing - fallback to index.html RewriteEngine On RewriteBase / RewriteRule ^index\.html$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.html [L] # PHP backend directory Options -Indexes +FollowSymLinks AllowOverride All Require all granted # Handle PHP files SetHandler application/x-httpd-php # API directory Options -Indexes +FollowSymLinks AllowOverride All Require all granted # Handle PHP files SetHandler application/x-httpd-php # Security headers Header always set X-Content-Type-Options nosniff Header always set X-Frame-Options DENY Header always set X-XSS-Protection "1; mode=block" # Error handling ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined