<IfModule mod_rewrite.c>
    Options +FollowSymLinks -Indexes
    RewriteEngine On

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Redirect to public folder
    RewriteCond %{REQUEST_URI} !^/public/
    RewriteRule ^(.*)$ public/$1 [L]
</IfModule>

# Deny access to sensitive files
<FilesMatch "^\.env|composer\.json|composer\.lock|package\.json|webpack\.mix\.js|yarn\.lock|package-lock\.json|phpunit\.xml$">
    Order allow,deny
    Deny from all
</FilesMatch>