# <IfModule mod_rewrite.c>

#     <IfModule mod_negotiation.c>
#         Options -MultiViews -Indexes
#     </IfModule>

#     RewriteEngine On

#     # Allow embedding from Shopify
#     Header set Content-Security-Policy "frame-ancestors https://admin.shopify.com https://*.myshopify.com"

#     # Handle Authorization Header
#     RewriteCond %{HTTP:Authorization} .
#     RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

#     # Redirect Trailing Slashes If Not A Folder...
#     RewriteCond %{REQUEST_FILENAME} !-d
#     RewriteCond %{REQUEST_URI} (.+)/$
#     RewriteRule ^ %1 [L,R=301]

#     # Send Requests To Front Controller...
#     RewriteCond %{REQUEST_FILENAME} !-d
#     RewriteCond %{REQUEST_FILENAME} !-f
#     RewriteRule ^ index.php [L]

# </IfModule>

<IfModule mod_headers.c>
    # Prevent clickjacking for most origins
    Header always set X-Frame-Options "SAMEORIGIN"

    # Allow embedding from Shopify (Content Security Policy overrides X-Frame-Options)
    Header always set Content-Security-Policy "frame-ancestors https://admin.shopify.com https://*.myshopify.com"
</IfModule>

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>

    RewriteEngine On

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.+)/$
    RewriteRule ^ %1 [L,R=301]

    # Send Requests To Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
    
    
</IfModule>
