<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>

    RewriteEngine On

    # Skip all processing if request is for public directory
    # This allows public/.htaccess to handle its own requests
    RewriteCond %{REQUEST_URI} ^/.*/public/ [NC,OR]
    RewriteCond %{REQUEST_URI} ^/public/ [NC]
    RewriteRule ^ - [L]

    # ----------------------------------------------------
    # Force HTTPS (Cloudflare + normal SSL uyumlu)
    # ----------------------------------------------------
    # Skip HTTPS redirect for localhost/127.0.0.1 (local development)
    RewriteCond %{HTTP_HOST} !^localhost [NC]
    RewriteCond %{HTTP_HOST} !^127\.0\.0\.1 [NC]
    # 1) Direkt HTTPS değilse
    # 2) Cloudflare üzerinden gelen isteklerde X-Forwarded-Proto https değilse
    RewriteCond %{HTTPS} !=on [OR]
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.+)/$
    RewriteRule ^ %1 [L,R=301]

    # Send Requests To Front Controller (for root access)
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ public/index.php [L]
</IfModule>
