OwlCyberSecurity - MANAGER

Edit File: .htaccess.42

RewriteEngine On # Inherit rewrite options (CPanel-compatible) RewriteOptions inherit # Reverse proxy for backend APIs RewriteCond %{REQUEST_URI} ^/api(/.*)?$ [NC] RewriteRule ^api(/.*)?$ http://127.0.0.1:2005/api$1 [P,L] # Optional: WebSocket (not always needed for AdminJS) RewriteCond %{HTTP:Upgrade} =websocket [NC] RewriteRule /(.*) ws://127.0.0.1:2005/$1 [P,L] <IfModule mod_headers.c> # Unset any existing CORS headers to prevent duplicates Header unset Access-Control-Allow-Origin Header unset Access-Control-Allow-Credentials Header unset Access-Control-Allow-Methods Header unset Access-Control-Allow-Headers # Set CORS headers (single origin) Header always set Access-Control-Allow-Origin "http://testone.onebox.pk" Header always set Access-Control-Allow-Credentials "true" Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE" Header always set Access-Control-Allow-Headers "Content-Type, Authorization" # Allow iframe embedding Header always unset X-Frame-Options Header always set Content-Security-Policy "frame-ancestors 'self' http://testone.onebox.pk" </IfModule> # Handle preflight (OPTIONS) requests <IfModule mod_rewrite.c> RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ $1 [R=200,L] </IfModule>