# ================================================================
#  temp/.htaccess  —  Block all direct web access
# ================================================================
#
#  The /temp directory stores session-scoped JSON data files
#  (parsed CSV and Shopify cache). These files must NEVER be
#  accessible via HTTP — they may contain customer PII.
#
#  Both Apache 2.2 and 2.4 syntax are included for compatibility.
# ================================================================

# Apache 2.4+
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

# Apache 2.2 fallback
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>

# Explicitly disable PHP execution in this directory
<FilesMatch "\.php$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Deny from all
    </IfModule>
</FilesMatch>
