# AVA Courier backend security
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Header always set Access-Control-Allow-Headers "Content-Type"
Header always set Access-Control-Allow-Credentials "true"
Options -Indexes
<Files "*.php">
  Order allow,deny
  Allow from all
</Files>
<FilesMatch "\.(sql|log|gitkeep)$">
  Order deny,allow
  Deny from all
</FilesMatch>
