# ==========================================================================
# CFB24 Consulting Zrt. — .htaccess (statikus HTML site)
# ==========================================================================

RewriteEngine On

# --- HTTPS kényszerítés ---------------------------------------------------
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

# --- www nélküli kanonikus URL --------------------------------------------
RewriteCond %{HTTP_HOST} ^www\.cfb24\.hu$ [NC]
RewriteRule ^(.*)$ https://cfb24.hu/$1 [R=301,L]

# --- /index.html és /index → / 301 redirect -------------------------------
RewriteCond %{THE_REQUEST} \s/+index(\.html)?[\s?] [NC]
RewriteRule ^ / [R=301,L]

# --- /valami.html → /valami 301 redirect (clean URL) ----------------------
RewriteCond %{THE_REQUEST} \s/+([^?\s]+?)\.html[\s?] [NC]
RewriteRule ^ /%1 [R=301,L]

# --- /valami → /valami.html belső átírás (kiszolgálás) --------------------
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{DOCUMENT_ROOT}/$1.html -f
RewriteRule ^([^/.]+)/?$ $1.html [L]

# --- Alapértelmezett dokumentum -------------------------------------------
DirectoryIndex index.html

# ==========================================================================
# TÖMÖRÍTÉS
# ==========================================================================
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
  AddOutputFilterByType DEFLATE application/javascript application/x-javascript text/javascript
  AddOutputFilterByType DEFLATE application/json application/xml application/rss+xml
  AddOutputFilterByType DEFLATE image/svg+xml application/font-woff application/font-woff2
</IfModule>

# ==========================================================================
# BROWSER CACHE — statikus assetek
# ==========================================================================
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault                          "access plus 1 month"
  ExpiresByType text/html                 "access plus 1 hour"
  ExpiresByType text/css                  "access plus 1 year"
  ExpiresByType application/javascript    "access plus 1 year"
  ExpiresByType image/svg+xml             "access plus 1 year"
  ExpiresByType image/jpeg                "access plus 1 year"
  ExpiresByType image/png                 "access plus 1 year"
  ExpiresByType image/webp                "access plus 1 year"
  ExpiresByType image/x-icon              "access plus 1 year"
  ExpiresByType font/woff2                "access plus 1 year"
</IfModule>

# ==========================================================================
# BIZTONSÁGI HEADER-EK
# ==========================================================================
<IfModule mod_headers.c>
  Header set X-Content-Type-Options "nosniff"
  Header set X-Frame-Options "SAMEORIGIN"
  Header set Referrer-Policy "strict-origin-when-cross-origin"
  Header set Permissions-Policy "geolocation=(), microphone=(), camera=()"
</IfModule>

# ==========================================================================
# Tiltás: rejtett fájlok kiszolgálása (.git, .env, stb.)
# ==========================================================================
<FilesMatch "^\.">
  Require all denied
</FilesMatch>

# Külön kivétel: .well-known/ az SSL/Let's Encrypt validációhoz szükséges
<IfModule mod_alias.c>
  Alias "/.well-known/" "/.well-known/"
</IfModule>
