<?php // Public API endpoint - proxies to secure server code // This file will be in the web-accessible directory // Set CORS headers header("Access-Control-Allow-Origin: *"); header("Access-Control-Allow-Methods: POST, OPTIONS"); header("Access-Control-Allow-Headers: Content-Type"); header("Content-Type: application/json"); // Handle preflight OPTIONS request if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { http_response_code(200); exit(); } // Only allow POST requests if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); echo json_encode(['error' => 'Method not allowed']); exit(); } try { // Include the secure server logic from outside document root // You'll update this path after moving the server directory include __DIR__ . '/../../server/index.php'; } catch (Exception $e) { http_response_code(501); echo json_encode(['error' => 'Server error']); } ?>