# Base controller for the application
# Provides common functionality and security configurations for all controllers
class ApplicationController < ActionController::Base
  # Protect against Cross-Site Request Forgery (CSRF) attacks
  # Ensures that all non-GET requests include a valid authenticity token
  protect_from_forgery with: :exception

  # Restrict access to modern browsers only
  # Requires browsers to support modern web standards:
  # - WebP images for better compression
  # - Web Push notifications
  # - Badge API for notifications
  # - Import maps for JavaScript modules
  # - CSS nesting and :has() pseudo-class
  allow_browser versions: :modern
end