<IfModule mod_headers.c>
  # IMPORTANT: Allow your actual Vite origins (must match exactly)
  SetEnvIf Origin "^http://(172\.20\.48\.1|192\.168\.163\.1|192\.168\.88\.59):5173$" ORIGIN_OK=$0
  SetEnvIf Origin "^http://(localhost|127\.0\.0\.1):5173$" ORIGIN_OK=$0
  SetEnvIf Origin "^https://skizagroundsuite\.com$" ORIGIN_OK=$0

  Header always set Access-Control-Allow-Origin "%{ORIGIN_OK}e" env=ORIGIN_OK
  Header always set Vary "Origin" env=ORIGIN_OK

  Header always set Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
  Header always set Access-Control-Allow-Headers "Authorization, Content-Type, X-Requested-With"
  Header always set Access-Control-Max-Age "86400"
</IfModule>

RewriteEngine On

# Handle preflight (OPTIONS) here (no redirect, just return success)
RewriteCond %{REQUEST_METHOD} =OPTIONS
RewriteRule ^ - [R=204,L]

# Keep this for JWT (passes Authorization header through)
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
