Difference between revisions for Users / Eo Ny / dev




← Previous edit
Revision 5 as of 05/05/2026 19:11
10 05/05/2026 19:27 WikiAdmin 9 05/05/2026 19:25 WikiAdmin 8 05/05/2026 19:24 WikiAdmin 7 05/05/2026 19:23 WikiAdmin 6 05/05/2026 19:21 EoNy 5 05/05/2026 19:11 EoNy 4 05/05/2026 19:10 EoNy 3 05/05/2026 19:10 EoNy 2 05/05/2026 19:08 EoNy 1 05/05/2026 19:06 EoNy

(17.4 KiB)
EoNy
 Next edit →
Revision 11 as of 05/05/2026 19:28
18 05/21/2026 16:12 WikiAdmin 17 05/18/2026 15:15 WikiAdmin 16 05/18/2026 05:05 WikiAdmin 15 05/18/2026 05:04 WikiAdmin 14 05/17/2026 21:10 WikiAdmin 13 05/05/2026 19:29 EoNy 12 05/05/2026 19:28 WikiAdmin 11 05/05/2026 19:28 WikiAdmin 10 05/05/2026 19:27 WikiAdmin 9 05/05/2026 19:25 WikiAdmin 8 05/05/2026 19:24 WikiAdmin 7 05/05/2026 19:23 WikiAdmin 6 05/05/2026 19:21 EoNy

(17.6 KiB) +229
WikiAdmin

Merge of Version1 & Version2
1 # HTTP Class Technical Documentation== HTTP Class Technical Documentation ==
2
3 ## Overview=== Overview ===
4
5 The `Http` class (`src/class/http.php`##Http## class (##src/class/http.php##) is a core component of the WackoWiki system responsible for handling HTTP request/response processing, session management, caching, and security features. This class acts as a bridge between the web server and the wiki engine.
6
7 **File Location:** `src/class/http.php`##src/class/http.php##
8 **Language:** PHP
9 **Dependencies:** Database class, Session classes, Utility classes (##Ut##), Diagnostics class (##Diag##)
10
11 ----
12
13 === Class Properties ===
14
15 ====Public Properties====
16
17 #|
18 *| Property | Type | Description |*
19 || ##$tls_session## | bool | Indicates if the current session uses HTTPS/TLS encryption ||
20 || ##$request_uri## | string | Normalized REQUEST_URI (e.g., 'PageOfNoReturn/show?a=1') ||
21 || ##$ip## | string | Client's real IP address (accounts for proxies) ||
22 || ##$sess## | Session | Reference to the Session object ||
23 || ##$method## | string | Current HTTP method/request type ||
24 |#
25
26 ====Private Properties====
27
28 #|
29 *| Property | Type | Description |*
30 || ##$db## | object | Database connection reference ||
31 || ##$tls_mark## | string | Cookie name for TLS session marking ||
32 || ##$page## | string | Current page name being processed ||
33 || ##$hash## | string | SHA1 hash of the page name ||
34 || ##$query## | string | Encoded query string ||
35 || ##$lang## | string | Current language code ||
36 || ##$file## | string | Cache file path ||
37 || ##$caching## | int | Flag indicating if page should be cached (0 or 1) ||
38 |#
39
40 ----
41 === Constructor ===
42
43 %%php
44 public function __construct(&$db)
45 ```%%
46
47 **Purpose:** Initializes the Http object and sets up HTTP session handling.
48
49 **Parameters:**
50 - `$db`  - ##$db## - Database object reference
51
52 **Initialization Steps:**
53   1. Stores database reference
54   2. Extracts and normalizes REQUEST_URI
55   3. Detects TLS/HTTPS session status
56   4. Determines client's real IP address
57   5. Sets up TLS mark cookie name
58   6. Enforces TLS session upgrade if needed
59
60 **Example:**
61 ```%%php
62 $http = new Http($db);
63 ```%%
64
65 ----
66
67 ## Core Methods=== Core Methods ===
68
69 ### Session Management==== Session Management ====
70
71 #### `session($route): void`===== ##session($route): void## =====
72 Initializes the session handler (file-based or database-based).
73
74 **Parameters:**
75 - `$route`  - ##$route## (int) - Routing flag:
76   - Bit 2 (`$route & 2`##$route & 2##): Enable static mode for files/freecap (disables replay prevention and ID regeneration)
77
78 **Features:**
79   - Selects storage backend (file or database)
80   - Configures cookie settings (security, path, httponly)
81   - Binds IP and TLS validation
82   - Recovers diagnostic logs from previous session
83
84 **Example:**
85 ```%%php
86 $http->session(0); // Normal session
87 $http->session(2); // Static file serving mode
88 ```%%
89
90 ----
91
92 ### Caching System==== Caching System ====
93
94 #### `check_cache($page, $method): void`===== ##check_cache($page, $method): void## =====
95 Determines if a page can be cached and prepares the cache check.
96
97 **Parameters:**
98 - `$page`  - ##$page## (string) - Page name to cache
99 - `$method`  - ##$method## (string) - Request method/action (e.g., 'show', 'edit')
100
101 **Caching Rules:**
102   - ✅ Enabled for GET requests only
103   - ✅ Disabled for POST requests
104   - ❌ Never cached for 'edit' or 'watch' methods
105   - ✅ Only cached for anonymous users (no logged-in users)
106
107 **Example:**
108 ```%%php
109 $http->check_cache('HomePage', 'show');
110 ```%%
111
112 ----
113
114 #### `store_cache(): void`===== ##store_cache(): void## =====
115 Saves the generated page content to cache file.
116
117 **Features:**
118   - Retrieves output buffer content
119   - Saves to cache file with proper permissions
120   - Records cache metadata in database
121   - Only executes if caching flag is set and user is anonymous
122
123 **Example:**
124 ```%%php
125 // Called at end of page rendering
126 $http->store_cache();
127 ```%%
128
129 ----
130
131 #### `invalidate_page($page): int`===== ##invalidate_page($page): int## =====
132 Invalidates all cached versions of a page.
133
134 **Parameters:**
135 - `$page`  - ##$page## (string) - Page name to invalidate
136
137 **Returns:**
138   - Number of cache entries invalidated
139
140 **Process:**
141   1. Finds all cached versions (different methods/languages)
142   2. Touches files to past timestamp (faster than deletion)
143   3. Removes entries from cache metadata table
144   4. Returns count of invalidated caches
145
146 **Example:**
147 ```%%php
148 $count = $http->invalidate_page('HomePage');
149 echo "Invalidated $count cache entries";
150 ```%%
151
152 ----
153
154 ### TLS/HTTPS Security==== TLS/HTTPS Security ====
155
156 #### `secure_base_url(): void`===== ##secure_base_url(): void## =====
157 Switches base URL from HTTP to HTTPS.
158
159 **Purpose:**
160   - Ensures all subsequent URLs use HTTPS
161   - Stores original HTTP URL for fallback
162   - Called when TLS session is detected
163
164 **Example:**
165 ```%%php
166 $http->secure_base_url();
167 // $db->base_url now uses https://
168 ```%%
169
170 ----
171
172 #### `ensure_tls($url): void`===== ##ensure_tls($url): void## =====
173 Enforces HTTPS for a specific URL and redirects if necessary.
174
175 **Parameters:**
176 - `$url`  - ##$url## (string) - URL to secure
177
178 **Behavior:**
179   - If not already HTTPS and TLS is enabled, forces HTTPS redirect
180   - Handles both relative and absolute URLs
181   - Converts relative URLs using current server name
182
183 **Example:**
184 ```%%php
185 $http->ensure_tls('/secure/payment');
186 ```%%
187
188 ----
189
190 ### IP Address Detection==== IP Address Detection ====
191
192 #### `real_ip(): string` (Private)===== ##real_ip(): string## (Private) =====
193 Detects client's real IP address accounting for proxies.
194
195 **Proxy Headers Checked (in order):**
196 1. `HTTP_X_CLUSTER_CLIENT_IP`  1. ##HTTP_X_CLUSTER_CLIENT_IP##
197 2. `HTTP_X_FORWARDED_FOR`  2. ##HTTP_X_FORWARDED_FOR## (or custom header)
198 3. `HTTP_CLIENT_IP`  3. ##HTTP_CLIENT_IP##
199 4. `HTTP_X_REMOTE_ADDR`  4. ##HTTP_X_REMOTE_ADDR##
200 5. `REMOTE_ADDR`  5. ##REMOTE_ADDR## (fallback)
201
202 **Features:**
203   - Filters out private/reserved IP ranges
204   - Respects configured reverse proxy addresses
205 - Returns `'0.0.0.0'`  - Returns ##'0.0.0.0'## as fallback
206
207 **Configuration in Database:**
208 - `reverse_proxy_addresses`  - ##reverse_proxy_addresses## - Comma/space-separated proxy IPs
209 - `reverse_proxy_header` - Custom header name (default: `X-Forwarded-For`  - ##reverse_proxy_header## - Custom header name (default: ##X-Forwarded-For##)
210
211 **Example:**
212 ```%%php
213 $client_ip = $http->ip; // e.g., "203.0.113.42"
214 ```%%
215
216 ----
217
218 ### HTTPS Detection==== HTTPS Detection ====
219
220 #### `tls_session(): bool` (Private)===== ##tls_session(): bool## (Private) =====
221 Detects if current connection uses HTTPS/TLS.
222
223 **Checks (any being true = HTTPS):**
224   - ##$_SERVER['HTTPS']## is 'on'
225   - ##$_SERVER['SERVER_PORT']## is 443
226   - ##$_SERVER['HTTP_X_FORWARDED_PROTO']## is 'https'
227   - ##$_SERVER['HTTP_X_FORWARDED_SSL']## is 'on'
228   - ##$_SERVER['HTTP_X_FORWARDED_PORT']## is 443
229
230 ----
231
232 ==== Security Headers ====
233
234 =====##http_security_headers(): void##=====
235
236 Sets security-related HTTP headers.
237
238 **Headers Set:**
239
240 #|
241 *| Header | Purpose | Config Key |*
242 || Content-Security-Policy | XSS/injection protection | ##csp## ||
243 || Permissions-Policy | Control browser features | ##permissions_policy## ||
244 || Referrer-Policy | Control referrer information | ##referrer_policy## ||
245 || Strict-Transport-Security | Force HTTPS | Auto (TLS only) ||
246 || X-Frame-Options | Clickjacking protection | Hardcoded: ##SAMEORIGIN## ||
247 || X-Content-Type-Options | MIME sniffing prevention | Hardcoded: ##nosniff## ||
248 |#
249
250 **CSP Configuration Options:**
251 - `0`  - ##0## - Disabled
252 - `1` - Default policy (from `csp.conf`  - ##1## - Default policy (from ##csp.conf##)
253 - `2` - Custom policy (from `csp_custom.conf`  - ##2## - Custom policy (from ##csp_custom.conf##)
254
255 **Example:**
256 ```%%php
257 $http->http_security_headers();
258 %%
259
260 ----
261 ==== HTTP Methods ====
262
263 ===== ##redirect($url, $permanent = false): void## =====
264 Performs an HTTP redirect.
265
266 **Parameters:**
267 - `$url`  - ##$url## (string) - Target URL
268 - `$permanent`  - ##$permanent## (bool) - Use 301 (permanent) vs 302 (temporary)
269
270 **Features:**
271 - Decodes `&`  - Decodes ##&## entities to prevent broken redirects
272   - Only works if headers not yet sent
273   - Uses output buffering to work anywhere in page processing
274
275 **Example:**
276 ```%%php
277 $http->redirect('http://example.com/new-page', true); // 301
278 $http->redirect('/wiki/HomePage'); // 302
279 ```%%
280
281 ----
282
283 #### `terminate(): void`===== ##terminate(): void## =====
284 Safe exit/die with cleanup.
285
286 **Cleanup Operations:**
287   - Saves diagnostic logs to session flash data
288   - Ends script execution
289
290 **Example:**
291 ```%%php
292 $http->terminate();
293 ```%%
294
295 ----
296
297 #### `status($code): void`===== ##status($code): void## =====
298 Sets HTTP response status code.
299
300 **Supported Status Codes:**
301 ```%%php
302 200 => 'OK'
303 206 => 'Partial Content'
304 301 => 'Moved Permanently'
315 500 => 'Internal Server Error'
316 501 => 'Not Implemented'
317 503 => 'Service Unavailable'
318 ```%%
319
320 **Example:**
321 ```%%php
322 $http->status(404); // Send 404 Not Found
323 ```%%
324
325 ----
326
327 ### Caching Control==== Caching Control ====
328
329 #### `no_cache($client_only = true): void`===== ##no_cache($client_only = true): void## =====
330 Disables caching of the current page.
331
332 **Parameters:**
333 - `$client_only`  - ##$client_only## (bool, default: TRUE)
334   - `TRUE`##TRUE##: Disable browser cache only
335   - `FALSE`##FALSE##: Disable both browser and server cache
336
337 **Headers Set:**
338 - `Last-Modified: <current-time>`  - ##Last-Modified: <current-time>## (always fresh)
339 - `Cache-Control: no-store`  - ##Cache-Control: no-store##
340
341 **Example:**
342 ```%%php
343 $http->no_cache(); // Client-side only
344 $http->no_cache(false); // Both client & server
345 ```%%
346
347 ----
348
349 #### `cache_promisc(): void`===== ##cache_promisc(): void## =====
350 Marks page as publicly cacheable.
351
352 **Headers Set:**
353 - `Cache-Control: public`  - ##Cache-Control: public##
354
355 **Example:**
356 ```%%php
357 $http->cache_promisc();
358 ```%%
359
360 ----
361
362 ### Language Negotiation==== Language Negotiation ====
363
364 #### `user_agent_language(): string`===== ##user_agent_language(): string## =====
365 Determines best language based on browser preferences.
366
367 **Features:**
368   - Follows RFC 9110 section 12.5.4 (HTTP Accept-Language)
369 - Parses `Accept-Language`  - Parses ##Accept-Language## header with quality factors
370   - Attempts exact match first, then language fallback
371   - Falls back to default system language
372
373 **Example Header:**
374 ```%%
375 Accept-Language: en-US,en;q=0.9,de;q=0.8
376 ```%%
377
378 **Returns:**
379   - Language code (e.g., 'en', 'en-US', 'de')
380
381 ----
382
383 #### `available_languages($subset = true): array`===== ##available_languages($subset = true): array## =====
384 Returns list of available language translations.
385
386 **Parameters:**
387 - `$subset`  - ##$subset## (bool, default: TRUE)
388   - `TRUE`##TRUE##: Only allowed languages
389   - `FALSE`##FALSE##: All available languages
390
391 **Features:**
392 - Scans `LANG_DIR`  - Scans ##LANG_DIR## for language files
393 - Filters by `allowed_languages`  - Filters by ##allowed_languages## config if set
394   - Caches result in session
395   - System language always included
396
397 **Returns:**
398 - Associative array: `['en' => 'en', 'de' => 'de', ...]`  - Associative array: ##['en' => 'en', 'de' => 'de', ...]##
399
400 **Example:**
401 ```%%php
402 $all_langs = $http->available_languages(false);
403 $allowed = $http->available_languages(true);
404 ```%%
405
406 ----
407
408 ### File Serving==== File Serving ====
409
410 #### `sendfile($path, $filename = null, $age = null): void`===== ##sendfile($path, $filename = null, $age = null): void## =====
411 Serves files with proper HTTP headers and caching.
412
413 **Parameters:**
414 - `$path`  - ##$path## (string) - File path (or HTTP_XXX constant for error pages)
415 - `$filename`  - ##$filename## (string, optional) - Custom download filename
416 - `$age`  - ##$age## (int, optional) - Cache age in days
417
418 **Features:**
419   - HTTP range request support (partial file downloads)
420   - ETag and Last-Modified conditional requests
421   - Proper MIME type detection
422   - Content-Security-Policy for special file types
423   - Streaming for large files
424   - GZip compression for text files
425
426 **Special Paths:**
427 ```%%php
428 $http->sendfile(404); // Serves file defined by HTTP_404 constant
429 $http->sendfile(403); // Serves file defined by HTTP_403 constant
430 ```%%
431
432 **Example:**
433 ```%%php
434 $http->sendfile('uploads/document.pdf', 'my-document.pdf', 30);
435 ```%%
436
437 ----
438
439 #### `mime_type($path): string`===== ##mime_type($path): string## =====
440 Returns MIME type for a file.
441
442 **Returns:**
443   - MIME type string (e.g., 'application/pdf')
444 - Default: `'application/octet-stream'`  - Default: ##'application/octet-stream'##
445
446 **Example:**
447 ```%%php
448 $mime = $http->mime_type('file.pdf'); // 'application/pdf'
449 ```%%
450
451 ----
452
453 #### `mime_types(): array` (Private)===== ##mime_types(): array## (Private) =====
454 Loads and caches MIME types from configuration.
455
456 **Features:**
457 - Reads from `config/mime.types`  - Reads from ##config/mime.types##
458 - Caches to `cache/config/mime.types`  - Caches to ##cache/config/mime.types##
459   - Reloads if config is updated
460
461 ----
462
463 ### Compression==== Compression ====
464
465 #### `gzip(): void`===== ##gzip(): void## =====
466 Compresses HTTP response with gzip/x-gzip.
467
468 **Features:**
469   - Manually implements gzip (not relying on zlib.output_compression)
470 - Produces correct `Content-Length`  - Produces correct ##Content-Length## header
471   - Only compresses if:
472   - 860 bytes < content < 1 MB
473   - Client accepts compression
474   - Headers not already sent
475
476 **Example:**
477 ```%%php
478 $http->gzip();
479 ```%%
480
481 ----
482
483 ### Utility Methods==== Utility Methods ====
484
485 #### `parse_str($str): array` (Private)===== ##parse_str($str): array## (Private) =====
486 Parses URL-encoded strings with special character handling.
487
488 **Purpose:**
489   - Safely handles special characters in query/form data
490   - Converts encoding properly
491
492 **Example:**
493 ```%%php
494 $data = $http->parse_str('name=John&age=30');
495 ```%%
496
497 ----
498
499 #### `request_uri(): string` (Private)===== ##request_uri(): string## (Private) =====
500 Extracts and normalizes REQUEST_URI from server.
501
502 **Normalization:**
503   - Removes base URL prefix
504   - Removes spaces
505   - Collapses multiple slashes
506 - Removes `..`  - Removes ##..## path traversal attempts
507   - Removes leading/trailing slashes
508
509 ----
510
511 #### `cut_prefix($prefix, $path): string` (Private)===== ##cut_prefix($prefix, $path): string## (Private) =====
512 Removes prefix from path (case-insensitive).
513
514 ----
515
516 #### `get_header_conf($file_name): string` (Private)===== ##get_header_conf($file_name): string## (Private) =====
517 Loads security header configuration from files.
518
519 **Files Supported:**
520 - `csp.conf` / `csp_custom.conf`  - ##csp.conf## / ##csp_custom.conf##
521 - `permissions_policy.conf` / `permissions_policy_custom.conf`  - ##permissions_policy.conf## / ##permissions_policy_custom.conf##
522
523 ----
524
525 ## Configuration Dependencies===Configuration Dependencies===
526
527 The class relies on these database configuration settings:
528
529 #|
530 *| Setting | Type | Purpose |*
531 || ##base_url## | string | Wiki's base URL ||
532 || ##tls## | bool | Enable HTTPS enforcement ||
533 || ##cache## | bool | Enable page caching ||
534 || ##cache_ttl## | int | Cache lifetime in seconds ||
535 || ##session_store## | int | 1=File, 0=Database ||
536 || ##system_seed_hash## | string | Session encryption seed ||
537 || ##cookie_prefix## | string | Session cookie prefix ||
538 || ##cookie_path## | string | Cookie path ||
539 || ##allow_persistent_cookie## | bool | Allow persistent login ||
540 || ##session_length## | int | Session lifetime in seconds ||
541 || ##reverse_proxy_addresses## | string | Comma/space-separated proxy IPs ||
542 || ##reverse_proxy_header## | string | Custom X-Forwarded header ||
543 || ##language## | string | Default language code ||
544 || ##multilanguage## | bool | Enable language negotiation ||
545 || ##allowed_languages## | string | Comma/space-separated allowed langs ||
546 || ##enable_security_headers## | bool | Send security headers ||
547 || ##csp## | int | CSP setting (0/1/2) ||
548 || ##permissions_policy## | int | Permissions-Policy setting (0/1/2) ||
549 || ##referrer_policy## | int | Referrer-Policy setting (0-8) ||
550 |#
551
552 ----
553
554 === Constants Used ===
555
556
557
558 === Workflow Examples ===
559
560 ==== Example 1: Handling a GET Request ====
561
562 %%php
563 // In main wiki entry point
564 $http = new Http($db);
565 $http->session(0); // Start session
577
578 // Possibly compress output
579 $http->gzip();
580 ```%%
581
582 ### Example 2: Handling TLS/HTTPS Upgrade==== Example 2: Handling TLS/HTTPS Upgrade ====
583
584 ```%%php
585 $http = new Http($db); // Constructor detects TLS requirement
586 // If TLS is enabled and user wasn't in TLS before:
587 // - Sets TLS session flag
588 // - Marks session with TLS cookie
589 // - Redirects to HTTPS version
590 ```%%
591
592 ### Example 3: Invalidating Cache After Page Edit==== Example 3: Invalidating Cache After Page Edit ====
593
594 ```%%php
595 // User edits a page
596 $http = new Http($db);
597 $count = $http->invalidate_page('HomePage');
598 // All cached versions (different languages, methods) are invalidated
599 ```%%
600
601 ### Example 4: Serving a File==== Example 4: Serving a File ====
602
603 ```%%php
604 $http = new Http($db);
605 $http->session(2); // Static file mode - no session replay prevention
606
607 // Serve with 30-day cache
608 $http->sendfile('uploads/manual.pdf', 'user-manual.pdf', 30);
609 ```%%
610
611 ----
612
613 ## Security Considerations=== Security Considerations ===
614
615 ### 1. **IP Address Spoofing**==== 1. **IP Address Spoofing** ====
616   - Validates IPs against private ranges
617   - Filters proxy-provided IPs appropriately
618   - Configurable reverse proxy trust
619
620 ### 2. **Session Security**==== 2. **Session Security** ====
621   - Binds sessions to IP address
622   - Binds sessions to TLS status
623   - Supports both file and database storage
624   - HttpOnly cookies by default
625
626 ### 3. **TLS Enforcement**==== 3. **TLS Enforcement** ====
627   - Automatic HTTPS upgrade when configured
628   - Marks TLS sessions to prevent downgrade attacks
629   - HSTS header support
630
631 ### 4. **Content Security**==== 4. **Content Security** ====
632   - CSP headers to prevent XSS
633   - X-Frame-Options to prevent clickjacking
634   - X-Content-Type-Options to prevent MIME sniffing
635   - Referrer-Policy control
636   - Permissions-Policy for browser features
637
638 ### 5. **File Serving**==== 5. **File Serving** ====
639   - Validates file existence and readability
640 - Prevents directory traversal via `realpath()`  - Prevents directory traversal via ##realpath()##
641   - Rejects symbolic links
642   - Special CSP for SVG and PDF files
643
644 ### 6. **Cache Security**==== 6. **Cache Security** ====
645   - Cached only for anonymous users
646   - Disabled for sensitive operations (edit, watch)
647   - Only GET requests cached
648
649 ----
650
651 ## Performance Optimization=== Performance Optimization ===
652
653 ### 1. **Page Caching**==== 1. **Page Caching** ====
654   - Stores full HTML output
655   - TTL-based expiration
656   - Language and method-aware caching
657   - Conditional request support (304 Not Modified)
658
659 ### 2. **MIME Type Caching**==== 2. **MIME Type Caching** ====
660   - Loads MIME types once and caches
661   - Regenerates only when config changes
662
663 ### 3. **Session Options**==== 3. **Session Options** ====
664   - File-based sessions for simple deployments
665   - Database sessions for distributed systems
666
667 ### 4. **Compression**==== 4. **Compression** ====
668   - Manual gzip implementation
669   - Proper Content-Length generation
670   - Only compresses appropriate sizes
671
672 ----
673
674 ## Debugging=== Debugging ===
675
676 The class integrates with WackoWiki's diagnostic system:
677
678 ```%%php
679 // Diagnostic messages are preserved across redirects
680 // via session flash data
681
682 // Check cached pages (debug comments in output):
683 // <!-- WackoWiki Caching Engine: page cached at 2024-01-15 12:30:45 GMT -->
684 %%
685
686 ----
687
688 === Related Classes ===
689   - **Session Classes** (##SessionFileStore##, ##SessionDbalStore##) - Session management backends
690   - **Database Class** - Configuration and cache metadata storage
691   - **Ut Utility Class** - String/path utilities
692   - **Diag Class** - Diagnostic logging
693
694 ----
695
696 === Version History ===
697   - Supports PHP 8.0+ (uses match expressions, union types)
698   - Follows RFC 9110 for HTTP header handling
699   - Modern cookie security practices
700
701 ----
702
703 === Conclusion ===
704
705 The ##Http## class is the central request/response handler in WackoWiki, managing everything from session initialization to security headers to file serving. Understanding this class is essential for:
706   - Extending WackoWiki with custom request handlers
707   - Implementing custom session logic
708   - Adding new security policies
709   - Optimizing cache strategies
710   - Debugging HTTP-related issues