HTTP Class Technical Documentation (diff)

Difference between revisions for Users / Eo Ny / dev

Version1		Version2
1	~~== HTTP Class Technical Documentation ==~~	1	# HTTP Class Technical Documentation
2		2
3	~~=== Overview ===~~	3	## Overview
4		4
5	The ~~##Http## class (##src/class/http.php##~~) is a core component of the WackoWiki system responsible for handling HTTP request/response processing, session management, caching, and security features. This class acts as a bridge between the web server and the wiki engine.	5	The `Http` class (`src/class/http.php`) is a core component of the WackoWiki system responsible for handling HTTP request/response processing, session management, caching, and security features. This class acts as a bridge between the web server and the wiki engine.
6		6
7	File Location: ~~##src/class/http.php##~~	7	File Location: `src/class/http.php`
8	Language: PHP	8	Language: PHP
9	Dependencies: Database class, Session classes, Utility classes (##Ut##), Diagnostics class (##Diag##)	9	Dependencies: Database class, Session classes, Utility classes (`Ut`), Diagnostics class (`Diag`)
10		10
11	----	11	---
12		12
13	=== Class Properties ===	13	## Class Properties
14		14
15	==== Public Properties ====	15	### Public Properties
16		16
17	#\|	17	\| Property \| Type \| Description \|
18	\| Property \| Type \| Description \|	18	\|----------\|------\|-------------\|
19	\|\| ##$tls_session## \| bool \| Indicates if the current session uses HTTPS/TLS encryption \|\|	19	\| `$tls_session` \| bool \| Indicates if the current session uses HTTPS/TLS encryption \|
20	\|\| ##$request_uri## \| string \| Normalized REQUEST_URI (e.g., 'PageOfNoReturn/show?a=1') \|\|	20	\| `$request_uri` \| string \| Normalized REQUEST_URI (e.g., 'PageOfNoReturn/show?a=1') \|
21	\|\| ##$ip## \| string \| Client's real IP address (accounts for proxies) \|\|	21	\| `$ip` \| string \| Client's real IP address (accounts for proxies) \|
22	\|\| ##$sess## \| Session \| Reference to the Session object \|\|	22	\| `$sess` \| Session \| Reference to the Session object \|
23	\|\| ##$method## \| string \| Current HTTP method/request type \|\|	23	\| `$method` \| string \| Current HTTP method/request type \|
24	\|\| ==== Private Properties ==== \|\|	24
25	\|\| Property \| Type \| Description \|\|	25	### Private Properties
26	\|\| ---------- \| ------ \| ------------- \|\|	26
27	\|\| ##$db## \| object \| Database connection reference \|\|	27	\| Property \| Type \| Description \|
28	\|\| ##$tls_mark## \| string \| Cookie name for TLS session marking \|\|	28	\|----------\|------\|-------------\|
29	\|\| ##$page## \| string \| Current page name being processed \|\|	29	\| `$db` \| object \| Database connection reference \|
30	\|\| ##$hash## \| string \| SHA1 hash of the page name \|\|	30	\| `$tls_mark` \| string \| Cookie name for TLS session marking \|
31	\|\| ##$query## \| string \| Encoded query string \|\|	31	\| `$page` \| string \| Current page name being processed \|
32	\|\| ##$lang## \| string \| Current language code \|\|	32	\| `$hash` \| string \| SHA1 hash of the page name \|
33	\|\| ##$file## \| string \| Cache file path \|\|	33	\| `$query` \| string \| Encoded query string \|
34	\|\| ##$caching## \| int \| Flag indicating if page should be cached (0 or 1) \|\|	34	\| `$lang` \| string \| Current language code \|
35	\|	35	\| `$file` \| string \| Cache file path \|
36	=== Security Considerations ===	36	\| `$caching` \| int \| Flag indicating if page should be cached (0 or 1) \|
37		37
38	==== 1. IP Address Spoofing ====	38	---
39	- Validates IPs against private ranges	39
40	- Filters proxy-provided IPs appropriately	40	## Constructor
41	- Configurable reverse proxy trust	41
42		42	```php
43	==== 2. Session Security ====	43	public function __construct(&$db)
44	- Binds sessions to IP address	44	```
45	- Binds sessions to TLS status	45
46	- Supports both file and database storage	46	Purpose: Initializes the Http object and sets up HTTP session handling.
47	- HttpOnly cookies by default	47
48		48	Parameters:
49	==== 3. TLS Enforcement ====	49	- `$db` - Database object reference
50	- Automatic HTTPS upgrade when configured	50
51	- Marks TLS sessions to prevent downgrade attacks	51	Initialization Steps:
52	- HSTS header support	52	1. Stores database reference
53		53	2. Extracts and normalizes REQUEST_URI
54	==== 4. Content Security ====	54	3. Detects TLS/HTTPS session status
55	- CSP headers to prevent XSS	55	4. Determines client's real IP address
56	- X-Frame-Options to prevent clickjacking	56	5. Sets up TLS mark cookie name
57	- X-Content-Type-Options to prevent MIME sniffing	57	6. Enforces TLS session upgrade if needed
58	- Referrer-Policy control	58
59	- Permissions-Policy for browser features	59	Example:
60		60	```php
61	==== 5. File Serving ====	61	$http = new Http($db);
62	- Validates file existence and readability	62	```
63	- Prevents directory traversal via ##realpath()##	63
64	- Rejects symbolic links	64	---
65	- Special CSP for SVG and PDF files	65
66		66	## Core Methods
67	==== 6. Cache Security ====	67
68	- Cached only for anonymous users	68	### Session Management
69	- Disabled for sensitive operations (edit, watch)	69
70	- Only GET requests cached	70	#### `session($route): void`
71		71	Initializes the session handler (file-based or database-based).
72	----	72
73		73	Parameters:
74	=== Performance Optimization ===	74	- `$route` (int) - Routing flag:
75		75	- Bit 2 (`$route & 2`): Enable static mode for files/freecap (disables replay prevention and ID regeneration)
76	==== 1. Page Caching ====	76
77	- Stores full HTML output	77	Features:
78	- TTL-based expiration	78	- Selects storage backend (file or database)
79	- Language and method-aware caching	79	- Configures cookie settings (security, path, httponly)
80	- Conditional request support (304 Not Modified)	80	- Binds IP and TLS validation
81		81	- Recovers diagnostic logs from previous session
82	==== 2. MIME Type Caching ====	82
83	- Loads MIME types once and caches	83	Example:
84	- Regenerates only when config changes	84	```php
85		85	$http->session(0); // Normal session
86	==== 3. Session Options ====	86	$http->session(2); // Static file serving mode
87	- File-based sessions for simple deployments	87	```
88	- Database sessions for distributed systems	88
89		89	---
90	==== 4. Compression ====	90
91	- Manual gzip implementation	91	### Caching System
92	- Proper Content-Length generation	92
93	- Only compresses appropriate sizes	93	#### `check_cache($page, $method): void`
94		94	Determines if a page can be cached and prepares the cache check.
95	----	95
96		96	Parameters:
97	=== Debugging ===	97	- `$page` (string) - Page name to cache
		98	- `$method` (string) - Request method/action (e.g., 'show', 'edit')
		99
		100	Caching Rules:
		101	- ✅ Enabled for GET requests only
		102	- ✅ Disabled for POST requests
		103	- ❌ Never cached for 'edit' or 'watch' methods
		104	- ✅ Only cached for anonymous users (no logged-in users)
		105
		106	Example:
		107	```php
		108	$http->check_cache('HomePage', 'show');
		109	```
		110
		111	---
		112
		113	#### `store_cache(): void`
		114	Saves the generated page content to cache file.
		115
		116	Features:
		117	- Retrieves output buffer content
		118	- Saves to cache file with proper permissions
		119	- Records cache metadata in database
		120	- Only executes if caching flag is set and user is anonymous
		121
		122	Example:
		123	```php
		124	// Called at end of page rendering
		125	$http->store_cache();
		126	```
		127
		128	---
		129
		130	#### `invalidate_page($page): int`
		131	Invalidates all cached versions of a page.
		132
		133	Parameters:
		134	- `$page` (string) - Page name to invalidate
		135
		136	Returns:
		137	- Number of cache entries invalidated
		138
		139	Process:
		140	1. Finds all cached versions (different methods/languages)
		141	2. Touches files to past timestamp (faster than deletion)
		142	3. Removes entries from cache metadata table
		143	4. Returns count of invalidated caches
		144
		145	Example:
		146	```php
		147	$count = $http->invalidate_page('HomePage');
		148	echo "Invalidated $count cache entries";
		149	```
		150
		151	---
		152
		153	### TLS/HTTPS Security
		154
		155	#### `secure_base_url(): void`
		156	Switches base URL from HTTP to HTTPS.
		157
		158	Purpose:
		159	- Ensures all subsequent URLs use HTTPS
		160	- Stores original HTTP URL for fallback
		161	- Called when TLS session is detected
		162
		163	Example:
		164	```php
		165	$http->secure_base_url();
		166	// $db->base_url now uses https://
		167	```
		168
		169	---
		170
		171	#### `ensure_tls($url): void`
		172	Enforces HTTPS for a specific URL and redirects if necessary.
		173
		174	Parameters:
		175	- `$url` (string) - URL to secure
		176
		177	Behavior:
		178	- If not already HTTPS and TLS is enabled, forces HTTPS redirect
		179	- Handles both relative and absolute URLs
		180	- Converts relative URLs using current server name
		181
		182	Example:
		183	```php
		184	$http->ensure_tls('/secure/payment');
		185	```
		186
		187	---
		188
		189	### IP Address Detection
		190
		191	#### `real_ip(): string` (Private)
		192	Detects client's real IP address accounting for proxies.
		193
		194	Proxy Headers Checked (in order):
		195	1. `HTTP_X_CLUSTER_CLIENT_IP`
		196	2. `HTTP_X_FORWARDED_FOR` (or custom header)
		197	3. `HTTP_CLIENT_IP`
		198	4. `HTTP_X_REMOTE_ADDR`
		199	5. `REMOTE_ADDR` (fallback)
		200
		201	Features:
		202	- Filters out private/reserved IP ranges
		203	- Respects configured reverse proxy addresses
		204	- Returns `'0.0.0.0'` as fallback
		205
		206	Configuration in Database:
		207	- `reverse_proxy_addresses` - Comma/space-separated proxy IPs
		208	- `reverse_proxy_header` - Custom header name (default: `X-Forwarded-For`)
		209
		210	Example:
		211	```php
		212	$client_ip = $http->ip; // e.g., "203.0.113.42"
		213	```
		214
		215	---
		216
		217	### HTTPS Detection
		218
		219	#### `tls_session(): bool` (Private)
		220	Detects if current connection uses HTTPS/TLS.
		221
		222	Checks (any being true = HTTPS):
		223	- `$_SERVER['HTTPS']` is 'on'
		224	- `$_SERVER['SERVER_PORT']` is 443
		225	- `$_SERVER['HTTP_X_FORWARDED_PROTO']` is 'https'
		226	- `$_SERVER['HTTP_X_FORWARDED_SSL']` is 'on'
		227	- `$_SERVER['HTTP_X_FORWARDED_PORT']` is 443
		228
		229	---
		230
		231	### Security Headers
		232
		233	#### `http_security_headers(): void`
		234	Sets security-related HTTP headers.
		235
		236	Headers Set:
		237
		238	\| Header \| Purpose \| Config Key \|
		239	\|--------\|---------\|------------\|
		240	\| Content-Security-Policy \| XSS/injection protection \| `csp` \|
		241	\| Permissions-Policy \| Control browser features \| `permissions_policy` \|
		242	\| Referrer-Policy \| Control referrer information \| `referrer_policy` \|
		243	\| Strict-Transport-Security \| Force HTTPS \| Auto (TLS only) \|
		244	\| X-Frame-Options \| Clickjacking protection \| Hardcoded: `SAMEORIGIN` \|
		245	\| X-Content-Type-Options \| MIME sniffing prevention \| Hardcoded: `nosniff` \|
		246
		247	CSP Configuration Options:
		248	- `0` - Disabled
		249	- `1` - Default policy (from `csp.conf`)
		250	- `2` - Custom policy (from `csp_custom.conf`)
		251
		252	Example:
		253	```php
		254	$http->http_security_headers();
		255	```
		256
		257	---
		258
		259	### HTTP Methods
		260
		261	#### `redirect($url, $permanent = false): void`
		262	Performs an HTTP redirect.
		263
		264	Parameters:
		265	- `$url` (string) - Target URL
		266	- `$permanent` (bool) - Use 301 (permanent) vs 302 (temporary)
		267
		268	Features:
		269	- Decodes `&` entities to prevent broken redirects
		270	- Only works if headers not yet sent
		271	- Uses output buffering to work anywhere in page processing
		272
		273	Example:
		274	```php
		275	$http->redirect('http://example.com/new-page', true); // 301
		276	$http->redirect('/wiki/HomePage'); // 302
		277	```
		278
		279	---
		280
		281	#### `terminate(): void`
		282	Safe exit/die with cleanup.
		283
		284	Cleanup Operations:
		285	- Saves diagnostic logs to session flash data
		286	- Ends script execution
		287
		288	Example:
		289	```php
		290	$http->terminate();
		291	```
		292
		293	---
		294
		295	#### `status($code): void`
		296	Sets HTTP response status code.
		297
		298	Supported Status Codes:
		299	```php
		300	200 => 'OK'
		301	206 => 'Partial Content'
		302	301 => 'Moved Permanently'
		303	302 => 'Moved Temporarily'
		304	304 => 'Not Modified'
		305	400 => 'Bad Request'
		306	401 => 'Unauthorized'
		307	403 => 'Forbidden'
		308	404 => 'Not Found'
		309	405 => 'Method Not Allowed'
		310	409 => 'Conflict'
		311	410 => 'Gone'
		312	416 => 'Requested Range Not Satisfiable'
		313	500 => 'Internal Server Error'
		314	501 => 'Not Implemented'
		315	503 => 'Service Unavailable'
		316	```
		317
		318	Example:
		319	```php
		320	$http->status(404); // Send 404 Not Found
		321	```
		322
		323	---
		324
		325	### Caching Control
		326
		327	#### `no_cache($client_only = true): void`
		328	Disables caching of the current page.
		329
		330	Parameters:
		331	- `$client_only` (bool, default: TRUE)
		332	- `TRUE`: Disable browser cache only
		333	- `FALSE`: Disable both browser and server cache
		334
		335	Headers Set:
		336	- `Last-Modified: <current-time>` (always fresh)
		337	- `Cache-Control: no-store`
		338
		339	Example:
		340	```php
		341	$http->no_cache(); // Client-side only
		342	$http->no_cache(false); // Both client & server
		343	```
		344
		345	---
		346
		347	#### `cache_promisc(): void`
		348	Marks page as publicly cacheable.
		349
		350	Headers Set:
		351	- `Cache-Control: public`
		352
		353	Example:
		354	```php
		355	$http->cache_promisc();
		356	```
		357
		358	---
		359
		360	### Language Negotiation
		361
		362	#### `user_agent_language(): string`
		363	Determines best language based on browser preferences.
		364
		365	Features:
		366	- Follows RFC 9110 section 12.5.4 (HTTP Accept-Language)
		367	- Parses `Accept-Language` header with quality factors
		368	- Attempts exact match first, then language fallback
		369	- Falls back to default system language
		370
		371	Example Header:
		372	```
		373	Accept-Language: en-US,en;q=0.9,de;q=0.8
		374	```
		375
		376	Returns:
		377	- Language code (e.g., 'en', 'en-US', 'de')
		378
		379	---
		380
		381	#### `available_languages($subset = true): array`
		382	Returns list of available language translations.
		383
		384	Parameters:
		385	- `$subset` (bool, default: TRUE)
		386	- `TRUE`: Only allowed languages
		387	- `FALSE`: All available languages
		388
		389	Features:
		390	- Scans `LANG_DIR` for language files
		391	- Filters by `allowed_languages` config if set
		392	- Caches result in session
		393	- System language always included
		394
		395	Returns:
		396	- Associative array: `['en' => 'en', 'de' => 'de', ...]`
		397
		398	Example:
		399	```php
		400	$all_langs = $http->available_languages(false);
		401	$allowed = $http->available_languages(true);
		402	```
		403
		404	---
		405
		406	### File Serving
		407
		408	#### `sendfile($path, $filename = null, $age = null): void`
		409	Serves files with proper HTTP headers and caching.
		410
		411	Parameters:
		412	- `$path` (string) - File path (or HTTP_XXX constant for error pages)
		413	- `$filename` (string, optional) - Custom download filename
		414	- `$age` (int, optional) - Cache age in days
		415
		416	Features:
		417	- HTTP range request support (partial file downloads)
		418	- ETag and Last-Modified conditional requests
		419	- Proper MIME type detection
		420	- Content-Security-Policy for special file types
		421	- Streaming for large files
		422	- GZip compression for text files
		423
		424	Special Paths:
		425	```php
		426	$http->sendfile(404); // Serves file defined by HTTP_404 constant
		427	$http->sendfile(403); // Serves file defined by HTTP_403 constant
		428	```
		429
		430	Example:
		431	```php
		432	$http->sendfile('uploads/document.pdf', 'my-document.pdf', 30);
		433	```
		434
		435	---
		436
		437	#### `mime_type($path): string`
		438	Returns MIME type for a file.
		439
		440	Returns:
		441	- MIME type string (e.g., 'application/pdf')
		442	- Default: `'application/octet-stream'`
		443
		444	Example:
		445	```php
		446	$mime = $http->mime_type('file.pdf'); // 'application/pdf'
		447	```
		448
		449	---
		450
		451	#### `mime_types(): array` (Private)
		452	Loads and caches MIME types from configuration.
		453
		454	Features:
		455	- Reads from `config/mime.types`
		456	- Caches to `cache/config/mime.types`
		457	- Reloads if config is updated
		458
		459	---
		460
		461	### Compression
		462
		463	#### `gzip(): void`
		464	Compresses HTTP response with gzip/x-gzip.
		465
		466	Features:
		467	- Manually implements gzip (not relying on zlib.output_compression)
		468	- Produces correct `Content-Length` header
		469	- Only compresses if:
		470	- 860 bytes < content < 1 MB
		471	- Client accepts compression
		472	- Headers not already sent
		473
		474	Example:
		475	```php
		476	$http->gzip();
		477	```
		478
		479	---
		480
		481	### Utility Methods
		482
		483	#### `parse_str($str): array` (Private)
		484	Parses URL-encoded strings with special character handling.
		485
		486	Purpose:
		487	- Safely handles special characters in query/form data
		488	- Converts encoding properly
		489
		490	Example:
		491	```php
		492	$data = $http->parse_str('name=John&age=30');
		493	```
		494
		495	---
		496
		497	#### `request_uri(): string` (Private)
		498	Extracts and normalizes REQUEST_URI from server.
		499
		500	Normalization:
		501	- Removes base URL prefix
		502	- Removes spaces
		503	- Collapses multiple slashes
		504	- Removes `..` path traversal attempts
		505	- Removes leading/trailing slashes
		506
		507	---
		508
		509	#### `cut_prefix($prefix, $path): string` (Private)
		510	Removes prefix from path (case-insensitive).
		511
		512	---
		513
		514	#### `get_header_conf($file_name): string` (Private)
		515	Loads security header configuration from files.
		516
		517	Files Supported:
		518	- `csp.conf` / `csp_custom.conf`
		519	- `permissions_policy.conf` / `permissions_policy_custom.conf`
		520
		521	---
		522
		523	## Configuration Dependencies
		524
		525	The class relies on these database configuration settings:
		526
		527	\| Setting \| Type \| Purpose \|
		528	\|---------\|------\|---------\|
		529	\| `base_url` \| string \| Wiki's base URL \|
		530	\| `tls` \| bool \| Enable HTTPS enforcement \|
		531	\| `cache` \| bool \| Enable page caching \|
		532	\| `cache_ttl` \| int \| Cache lifetime in seconds \|
		533	\| `session_store` \| int \| 1=File, 0=Database \|
		534	\| `system_seed_hash` \| string \| Session encryption seed \|
		535	\| `cookie_prefix` \| string \| Session cookie prefix \|
		536	\| `cookie_path` \| string \| Cookie path \|
		537	\| `allow_persistent_cookie` \| bool \| Allow persistent login \|
		538	\| `session_length` \| int \| Session lifetime in seconds \|
		539	\| `reverse_proxy_addresses` \| string \| Comma/space-separated proxy IPs \|
		540	\| `reverse_proxy_header` \| string \| Custom X-Forwarded header \|
		541	\| `language` \| string \| Default language code \|
		542	\| `multilanguage` \| bool \| Enable language negotiation \|
		543	\| `allowed_languages` \| string \| Comma/space-separated allowed langs \|
		544	\| `enable_security_headers` \| bool \| Send security headers \|
		545	\| `csp` \| int \| CSP setting (0/1/2) \|
		546	\| `permissions_policy` \| int \| Permissions-Policy setting (0/1/2) \|
		547	\| `referrer_policy` \| int \| Referrer-Policy setting (0-8) \|
		548
		549	---
		550
		551	## Constants Used
		552
		553	\| Constant \| Type \| Purpose \|
		554	\|----------\|------\|---------\|
		555	\| `IN_WACKO` \| bool \| Security check (exit if not defined) \|
		556	\| `CHMOD_SAFE` \| int \| File permissions for cache files \|
		557	\| `CHMOD_FILE` \| int \| File permissions for config cache \|
		558	\| `CACHE_PAGE_DIR` \| string \| Page cache directory \|
		559	\| `CACHE_SESSION_DIR` \| string \| Session cache directory \|
		560	\| `CACHE_CONFIG_DIR` \| string \| Config cache directory \|
		561	\| `CONFIG_DIR` \| string \| Configuration directory \|
		562	\| `LANG_DIR` \| string \| Language files directory \|
		563	\| `DAYSECS` \| int \| Seconds in a day (86400) \|
		564	\| `HTTP_404` \| string \| Path to 404 error page \|
		565	\| `HTTP_403` \| string \| Path to 403 error page \|
		566
		567	---
		568
		569	## Workflow Examples
		570
		571	### Example 1: Handling a GET Request
		572
		573	```php
		574	// In main wiki entry point
		575	$http = new Http($db);
		576	$http->session(0); // Start session
		577
		578	// Check if page can be served from cache
		579	$http->check_cache('HomePage', 'show');
		580
		581	// ... render page content ...
		582
		583	// Store rendered page in cache if applicable
		584	$http->store_cache();
		585
		586	// Send security headers
		587	$http->http_security_headers();
		588
		589	// Possibly compress output
		590	$http->gzip();
		591	```
		592
		593	### Example 2: Handling TLS/HTTPS Upgrade
		594
		595	```php
		596	$http = new Http($db); // Constructor detects TLS requirement
		597	// If TLS is enabled and user wasn't in TLS before:
		598	// - Sets TLS session flag
		599	// - Marks session with TLS cookie
		600	// - Redirects to HTTPS version
		601	```
		602
		603	### Example 3: Invalidating Cache After Page Edit
		604
		605	```php
		606	// User edits a page
		607	$http = new Http($db);
		608	$count = $http->invalidate_page('HomePage');
		609	// All cached versions (different languages, methods) are invalidated
		610	```
		611
		612	### Example 4: Serving a File
		613
		614	```php
		615	$http = new Http($db);
		616	$http->session(2); // Static file mode - no session replay prevention
		617
		618	// Serve with 30-day cache
		619	$http->sendfile('uploads/manual.pdf', 'user-manual.pdf', 30);
		620	```
		621
		622	---
		623
		624	## Security Considerations
		625
		626	### 1. IP Address Spoofing
		627	- Validates IPs against private ranges
		628	- Filters proxy-provided IPs appropriately
		629	- Configurable reverse proxy trust
		630
		631	### 2. Session Security
		632	- Binds sessions to IP address
		633	- Binds sessions to TLS status
		634	- Supports both file and database storage
		635	- HttpOnly cookies by default
		636
		637	### 3. TLS Enforcement
		638	- Automatic HTTPS upgrade when configured
		639	- Marks TLS sessions to prevent downgrade attacks
		640	- HSTS header support
		641
		642	### 4. Content Security
		643	- CSP headers to prevent XSS
		644	- X-Frame-Options to prevent clickjacking
		645	- X-Content-Type-Options to prevent MIME sniffing
		646	- Referrer-Policy control
		647	- Permissions-Policy for browser features
		648
		649	### 5. File Serving
		650	- Validates file existence and readability
		651	- Prevents directory traversal via `realpath()`
		652	- Rejects symbolic links
		653	- Special CSP for SVG and PDF files
		654
		655	### 6. Cache Security
		656	- Cached only for anonymous users
		657	- Disabled for sensitive operations (edit, watch)
		658	- Only GET requests cached
		659
		660	---
		661
		662	## Performance Optimization
		663
		664	### 1. Page Caching
		665	- Stores full HTML output
		666	- TTL-based expiration
		667	- Language and method-aware caching
		668	- Conditional request support (304 Not Modified)
		669
		670	### 2. MIME Type Caching
		671	- Loads MIME types once and caches
		672	- Regenerates only when config changes
		673
		674	### 3. Session Options
		675	- File-based sessions for simple deployments
		676	- Database sessions for distributed systems
		677
		678	### 4. Compression
		679	- Manual gzip implementation
		680	- Proper Content-Length generation
		681	- Only compresses appropriate sizes
		682
		683	---
		684
		685	## Debugging
98		686
99	The class integrates with WackoWiki's diagnostic system:	687	The class integrates with WackoWiki's diagnostic system:
100		688
101	%%php	689	```php
102	// Diagnostic messages are preserved across redirects	690	// Diagnostic messages are preserved across redirects
103	// via session flash data	691	// via session flash data
104		692
105	// Check cached pages (debug comments in output):	693	// Check cached pages (debug comments in output):
106	// <!-- WackoWiki Caching Engine: page cached at 2024-01-15 12:30:45 GMT -->	694	// <!-- WackoWiki Caching Engine: page cached at 2024-01-15 12:30:45 GMT -->
107	%%	695	```
108		696
109	----	697	---
110		698
111	=== Related Classes ===	699	## Related Classes
112	- Session Classes (##SessionFileStore##, ##SessionDbalStore##) - Session management backends	700
113	- Database Class - Configuration and cache metadata storage	701	- Session Classes (`SessionFileStore`, `SessionDbalStore`) - Session management backends
114	- Ut Utility Class - String/path utilities	702	- Database Class - Configuration and cache metadata storage
115	- Diag Class - Diagnostic logging	703	- Ut Utility Class - String/path utilities
116		704	- Diag Class - Diagnostic logging
117	----	705
118		706	---
119	=== Version History ===	707
120	- Supports PHP 8.0+ (uses match expressions, union types)	708	## Version History
121	- Follows RFC 9110 for HTTP header handling	709
122	- Modern cookie security practices	710	- Supports PHP 8.0+ (uses match expressions, union types)
123		711	- Follows RFC 9110 for HTTP header handling
124	----	712	- Modern cookie security practices
125		713
126	=== Conclusion ===	714	---
127		715
128	The ##Http## class is the central request/response handler in WackoWiki, managing everything from session initialization to security headers to file serving. Understanding this class is essential for:	716	## Conclusion
129	- Extending WackoWiki with custom request handlers	717
130	- Implementing custom session logic	718	The `Http` class is the central request/response handler in WackoWiki, managing everything from session initialization to security headers to file serving. Understanding this class is essential for:
131	- Adding new security policies	719
132	- Optimizing cache strategies	720	- Extending WackoWiki with custom request handlers
133	- Debugging HTTP-related issues	721	- Implementing custom session logic
		722	- Adding new security policies
		723	- Optimizing cache strategies
		724	- Debugging HTTP-related issues