RewriteEngine On

RewriteRule ^core/cadproxy/.*$ public/index.php [END]
RewriteRule .*\.gz$ - [F,NC]

#Disallow indexing
Options +FollowSymlinks -Indexes

#--------------------------------------------------
# Let's Encrypt Support
# RewriteRule ^.well-known/(.*)$ .well-known/$1 [L]
#--------------------------------------------------

#RewriteRule   server-status server-status [L]

#--------------------------------------------------
# ADVANCED CUSTOMIZATION SECTION - START
#--------------------------------------------------
#Use this rule for customization for Apache 2.4
RewriteRule   ^custom/css/(.+)$  resources/customization/css/$1 [B,END]

#--------------------------------------------------
# ADVANCED CUSTOMIZATION SECTION - END
#--------------------------------------------------

#Route all requests to our handler
RewriteRule   ^(.*)/?$ public/index.php [L]

php_value memory_limit 500M
php_value post_max_size 500M
php_value upload_max_filesize 500M
php_value max_execution_time 60
php_value max_input_time 300

<IfModule mod_headers.c>
Header always set Access-Control-Allow-Origin ffol.filecloud.com
Header set Access-Control-Allow-Credentials true
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options "nosniff"
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header set X-XSS-Protection "1; mode=block"
Header set Content-Security-Policy: "default-src 'self' blob: *.live.com *.amazonaws.com *.core.windows.net www.google.com http://127.0.0.1:34320/v1/fileassociations *.autodesk.com; \
    connect-src 'self' *.amazonaws.com *.core.windows.net blob: data: http://127.0.0.1:34320/v1/fileassociations *.autodesk.com; \
    style-src 'unsafe-inline' 'self' *.autodesk.com; \
    script-src 'unsafe-inline' 'unsafe-eval' 'self' www.google.com www.gstatic.com  teams.microsoft.com *.teams.microsoft.com *.skype.com *.autodesk.com; \
    frame-src 'self' blob: www.google.com *.live.com docs.google.com accounts.google.com; \
    font-src 'self' data: *.autodesk.com; \
    img-src www.gstatic.com 'self' data: blob: *.duosecurity.com *.live.com *.amazonaws.com *.core.windows.net *.office.net *.autodesk.com; \
    frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.my.salesforce.com; \
    worker-src 'self' blob: *.autodesk.com"
Header set Cache-Control no-cache="Set-Cookie"
</IfModule>

<IfModule mod_deflate.c>
<IfModule mod_filter.c>
        AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
        AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
        AddOutputFilterByType DEFLATE application/rss+xml
        AddOutputFilterByType DEFLATE application/xml
</IfModule>
</IfModule>
