# Prevent accessing subdirectories not managed by SCM
RewriteRule ^(.git|doxygen|vendor) - [F]
+# Forward the "Authorization" HTTP header
+# fixes JWT token not correctly forwarded on some Apache/FastCGI setups
+RewriteCond %{HTTP:Authorization} ^(.*)
+RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
+
# REST API
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [QSA,L]
+
+<Limit GET POST PUT DELETE OPTIONS>
+ <IfModule version_module>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Allow from all
+ Deny from none
+ </IfVersion>
+ </IfModule>
+
+ <IfModule !version_module>
+ Require all granted
+ </IfModule>
+</Limit>
+
+<LimitExcept GET POST PUT DELETE OPTIONS>
+ <IfModule version_module>
+ <IfVersion >= 2.4>
+ Require all denied
+ </IfVersion>
+ <IfVersion < 2.4>
+ Allow from none
+ Deny from all
+ </IfVersion>
+ </IfModule>
+
+ <IfModule !version_module>
+ Require all denied
+ </IfModule>
+</LimitExcept>