# Protection dossier API
Options -Indexes

# Bloquer l'accès direct à config.php
<Files "config.php">
  Require all denied
</Files>

# Headers JSON pour tous les .php
<FilesMatch "\.php$">
  Header always set Content-Type "application/json; charset=utf-8"
  Header always set Access-Control-Allow-Origin "*"
  Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
  Header always set Access-Control-Allow-Headers "Content-Type"
</FilesMatch>
