# Desativa mod_security para esta pasta (somente endpoints internos PHP)
<IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>
<IfModule mod_security2.c>
    SecRuleEngine Off
    SecRequestBodyAccess Off
</IfModule>

# Garante que arquivos PHP rodem normalmente nesta pasta
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>

# CORS para chamadas internas do front-end
<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
    Header set Access-Control-Allow-Headers "Content-Type, Accept, X-Requested-With"
</IfModule>
