# You need to uncomment the below line if you see errors in browser console like this: "Refused to execute inline script because it violates the following Content Security Policy directive: “script-src ‘self’ ..."
#Header set Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.jquery.com *.googlesyndication.com https://adservice.google.ru https://adservice.google.com *.google-analytics.com https://*.facebook.net https://*.twitter.com https://cdn.syndication.twimg.com https://*.cloudflare.com;"

<IfModule mod_rewrite.c>
    RewriteEngine On
    # Some servers require you to specify the `RewriteBase` directive
    # In such cases, it should be the path (relative to the document root) containing this .htaccess file
    #
    # RewriteBase /
    
    RewriteRule ^sitemap\.xml$ sitemap/sitemap.xml [L]
    
    # deny direct access to files in application folders
    RewriteRule ^(app|config|db|logs|tmp|vendor)\/.*$ - [R=403,L]

    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule .* index.php [L,QSA]
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>

<IfModule !mod_rewrite.c>
    Order allow,deny
    Deny from All
</IfModule>
