# Allow CORS for same-origin API calls
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Header always set Access-Control-Allow-Headers "Content-Type"
Header always set Access-Control-Allow-Credentials "true"

# Security
Options -Indexes
<Files "*.php">
  Order allow,deny
  Allow from all
</Files>
