feat(infrastructure): improve htaccess configuration. (#214)

public/.htaccess

@@ -19,3 +19,36 @@
     RewriteCond %{REQUEST_FILENAME} !-f
     RewriteRule ^ index.php [L]
 </IfModule>
+
+# Enable Brotli compression with priority over gzip
+<IfModule mod_brotli.c>
+    AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript application/json application/xml application/rss+xml application/font-woff application/font-woff2
+    # Force Brotli compression if available
+    SetEnvIf Accept-Encoding br brotli
+</IfModule>
+
+# Enable gzip compression only if Brotli is unavailable
+<IfModule mod_deflate.c>
+    <IfModule !mod_brotli.c>
+        AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json application/xml application/rss+xml application/font-woff application/font-woff2
+    </IfModule>
+</IfModule>
+
+# This configuration allows browsers to cache assets locally
+<IfModule mod_headers.c>
+   <FilesMatch "\.(js|css|jpg|jpeg|png|gif|ico|svg|woff2?|ttf|eot)$">
+       <If "%{REQUEST_URI} =~ m#^/build/assets/#">
+           Header set Cache-Control "public, max-age=31536000, immutable"
+           Header set Pragma "public"
+           Header unset ETag
+           FileETag None
+           Header unset Last-Modified
+       </If>
+   </FilesMatch>
+
+   # Security headers
+   Header set X-Frame-Options "SAMEORIGIN"
+   Header set X-Content-Type-Options "nosniff"
+   Header set X-XSS-Protection "1; mode=block"
+    Header set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS
+</IfModule>