RewriteEngine On

# Handle CORS preflight requests
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]

# Direct static file serving
RewriteRule ^static/(.*)$ client-build/static/$1 [L]
RewriteRule ^manifest\.json$ client-build/manifest.json [L]
RewriteRule ^favicon\.ico$ client-build/favicon.ico [L]

# API routes
RewriteCond %{REQUEST_URI} ^/production/api/
RewriteRule ^api/(.*)$ api/$1 [L]

# Everything else to React app
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [QSA,L]

# MIME types
AddType application/javascript .js
AddType text/css .css
AddType application/json .json

# CORS headers
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Header always set Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With"