<IfModule mod_rewrite.c>
  # Rewrite engine açık
  RewriteEngine On

  # Base path ayarla
  RewriteBase /

  # HTTPS'e yönlendir (isteğe bağlı)
  # RewriteCond %{HTTPS} off
  # RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  # www ekle veya çıkar (isteğe bağlı)
  # RewriteCond %{HTTP_HOST} !^www\. [NC]
  # RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

  # PayTR callback için özel kural - PHP dosyası direkt çalışsın
  RewriteCond %{REQUEST_URI} ^/paytr-callback\.php$ [NC]
  RewriteRule ^ - [L]

  # Gerçek dosya veya dizin değilse index.html'e yönlendir
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule . /index.html [L]
</IfModule>

# GZIP Compression
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE text/javascript
  AddOutputFilterByType DEFLATE text/xml
  AddOutputFilterByType DEFLATE text/plain
  AddOutputFilterByType DEFLATE application/javascript
  AddOutputFilterByType DEFLATE application/json
  AddOutputFilterByType DEFLATE application/xml
  AddOutputFilterByType DEFLATE application/xhtml+xml
  AddOutputFilterByType DEFLATE application/rss+xml
  AddOutputFilterByType DEFLATE application/atom_xml
  AddOutputFilterByType DEFLATE image/svg+xml
  AddOutputFilterByType DEFLATE font/truetype
  AddOutputFilterByType DEFLATE font/opentype
  AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
</IfModule>

# Browser Caching
<IfModule mod_expires.c>
  ExpiresActive On

  # Images
  ExpiresByType image/jpg "access plus 1 year"
  ExpiresByType image/jpeg "access plus 1 year"
  ExpiresByType image/gif "access plus 1 year"
  ExpiresByType image/png "access plus 1 year"
  ExpiresByType image/webp "access plus 1 year"
  ExpiresByType image/svg+xml "access plus 1 year"
  ExpiresByType image/x-icon "access plus 1 year"

  # CSS and JavaScript
  ExpiresByType text/css "access plus 1 month"
  ExpiresByType text/javascript "access plus 1 month"
  ExpiresByType application/javascript "access plus 1 month"

  # Fonts
  ExpiresByType font/ttf "access plus 1 year"
  ExpiresByType font/otf "access plus 1 year"
  ExpiresByType font/woff "access plus 1 year"
  ExpiresByType font/woff2 "access plus 1 year"
  ExpiresByType application/font-woff "access plus 1 year"

  # HTML
  ExpiresByType text/html "access plus 0 seconds"
</IfModule>

# Security Headers
<IfModule mod_headers.c>
  # X-Frame-Options
  Header always set X-Frame-Options "SAMEORIGIN"

  # X-Content-Type-Options
  Header always set X-Content-Type-Options "nosniff"

  # X-XSS-Protection
  Header always set X-XSS-Protection "1; mode=block"

  # Referrer-Policy
  Header always set Referrer-Policy "strict-origin-when-cross-origin"

  # Permissions-Policy
  Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"

  # Cross-Origin Policies
  Header always set Cross-Origin-Embedder-Policy "credentialless"
  Header always set Cross-Origin-Opener-Policy "same-origin"
  Header always set Cross-Origin-Resource-Policy "cross-origin"
</IfModule>

# Disable Directory Browsing
Options -Indexes

# Protect sensitive files
<FilesMatch "(^\.env|^\.htaccess|^\.git|composer\.json|package\.json)">
  Order allow,deny
  Deny from all
</FilesMatch>

# Error Pages (isteğe bağlı)
# ErrorDocument 404 /index.html
# ErrorDocument 500 /index.html
