# Enable CORS
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
Header set Access-Control-Allow-Headers "Content-Type"

# Protect config.php
<Files "config.php">
    Order Allow,Deny
    Deny from all
</Files>