docs: complete documentation update for all classes

- Response: added download(), file(), streamDownload(), mime type detection
- Session: added CSRF protection methods (csrfToken, csrfField, validateCsrf, validateRequestCsrf)
- Request: added getMethod, setUri, getTarget, isFormData documentation
- Uri: added getQueryToArray, fromString, getAuthority, getUserInfo methods
- Cookie: added escaped() method, SameSite parameter documentation
- Headers: added getHeaderLine, protocol version methods
- Status: added complete list of HTTP status codes
- UploadedFile: added getStream, getExtension, getBasename, isMoved methods
- README: added quick usage examples

Author: al3x5dev

docs/client.md

@@ -44,7 +44,7 @@ $response = $client->request('GET', 'https://api.example.com/resource');
 ```
 
 ### Handling Responses
-The response from the request is returned as a [Response](https://github.com/alexsandrov16/http/blob/main/docs/response.md) object. You can access the content, status code, and headers of the response.
+The response from the request is returned as a [Response](https://github.com/al3x5dev/http/blob/main/docs/response.md) object. You can access the content, status code, and headers of the response.
 
 ```php
 $content = $response->getBody(); // Response content

docs/cookie.md

@@ -1,21 +1,28 @@
 # Cookie
 This `Cookie` class allows you to manage cookies in your application.
 
-## Method `Cookie::set($name, $value, $expires, $path, $domain, $secure, $httponly)`.
+## Method `Cookie::set($name, $value, $expires, $path, $domain, $secure, $httponly, $sameSite)`.
 This static method adds a cookie before sending it to the browser with the specified parameters. Returns true if the cookie was set correctly, otherwise returns false.
 
 **Parameters:**
 - `$name` (string): The name of the cookie.
 - `$value` (mixed): The value of the cookie.
 - `$expires` (int): The expiration time of the cookie in seconds from the current time. Default is 0 (does not expire).
 - `$path` (string): Path where the cookie will be available. Default is '/'.
-- `$domain` (string|null): Domain to which the cookie is associated. Default is null.
-- `$secure` (bool): Indicates if the cookie should only be sent through secure connections. Default is false.
-- `$httponly` (bool): Indicates whether the cookie should only be accessible via HTTP. Default is false.
+- `$domain` (string): Domain to which the cookie is associated. Default is empty string.
+- `$secure` (bool): Indicates if the cookie should only be sent through secure connections (HTTPS). Default is false.
+- `$httponly` (bool): Indicates whether the cookie should only be accessible via HTTP (not JavaScript). Default is true.
+- `$sameSite` (string): SameSite attribute - must be 'Strict', 'Lax', or 'None'. Default is 'Lax'.
+
 ```php
-Cookie::set('helloworld','Hello World!');
-// or
-Cookie::set('hellophp','Hello PHP!',300,'/','localhost');
+// Basic cookie
+Cookie::set('helloworld', 'Hello World!');
+
+// With options
+Cookie::set('hellophp', 'Hello PHP!', 300, '/', 'localhost', true, true, 'Strict');
+
+// SameSite=None requires secure=true (automatically enforced)
+Cookie::set('crosssite', 'value', 0, '/', '', true, true, 'None');
 ```
 
 ## Method `Cookie::get(?string $name = null, mixed $default = null)`.
@@ -34,16 +41,45 @@ Cookie::get('unavailable','value');
 // return "value"
 ```
 
+## Method `Cookie::escaped(?string $name = null, mixed $default = null)`.
+This static method retrieves cookie values HTML-escaped to prevent XSS attacks. Uses ENT_QUOTES | ENT_HTML5 for complete coverage.
+
+**Parameters:**
+- `$name` (string|null): The cookie name, or null for all cookies.
+- `$default` (mixed): Default value if cookie doesn't exist.
+
+```php
+// Get single escaped cookie
+Cookie::escaped('username');
+// Returns HTML-escaped value
+
+// Get all escaped cookies
+Cookie::escaped();
+/* Returns all $_COOKIE values with HTML entities escaped */
+```
+**Note:** Use this method when outputting cookie values in HTML to prevent XSS attacks.
+
 ## Method `Cookie::has(string $name)`.
 This static method checks if a specific cookie exists in `$_COOKIE` and returns true otherwise it returns false.
 ```php
 Cookie::has('helloworld');
 // return true
 ```
 
-## Method `Cookie::remove(string $name)`.
- This method deletes a specified cookie.
+## Method `Cookie::remove(string $name, string $path, string $domain, bool $secure, bool $httponly, string $sameSite)`.
+This method deletes a specified cookie by setting its expiration to the past. Uses the same parameters as the original cookie for proper removal.
+
+**Parameters:**
+- `$name` (string): The cookie name to remove.
+- `$path` (string): Path where the cookie was set. Default is '/'.
+- `$domain` (string): Domain where the cookie was set. Default is empty.
+- `$secure` (bool): Whether the cookie was secure. Default is false.
+- `$httponly` (bool): Whether the cookie was HTTP-only. Default is true.
+- `$sameSite` (string): SameSite attribute. Default is 'Lax'.
 
 ```php
 Cookie::remove('helloworld');
+
+// Remove with specific parameters (must match original cookie)
+Cookie::remove('session', '/', 'example.com', true, true, 'Strict');
 ```

docs/headers.md

@@ -1,5 +1,27 @@
 # Headers
-The Trait `Headers` provides functionality related to the headers of an HTTP message. It is used only by the [Mk4U\Http\Request.php](https://github.com/alexsandrov16/http/blob/main/docs/request.md) and [Mk4U\Http\Response.php](https://github.com/alexsandrov16/http/blob/main/docs/response.md) classes.
+The Trait `Headers` provides functionality related to the headers of an HTTP message. It is used only by the [Mk4U\Http\Request.php](https://github.com/al3x5dev/http/blob/main/docs/request.md) and [Mk4U\Http\Response.php](https://github.com/al3x5dev/http/blob/main/docs/response.md) classes.
+
+## Protocol Version
+
+### `getProtocolVersion()`
+Returns the HTTP protocol version.
+```php
+$request->getProtocolVersion();
+// or
+$response->getProtocolVersion();
+// returns "HTTP/1.1", "HTTP/2.0", etc.
+```
+
+### `setProtocolVersion(?string $version = null)`
+Sets the HTTP protocol version. Valid versions are: '1.0', '1.1', '2.0', '3.0'.
+
+```php
+$request->setProtocolVersion('1.1');
+// or
+$response->setProtocolVersion('2.0');
+```
+
+## Headers Methods
 
 ## `getHeaders`
 This method returns an array with all the headers of the response.
@@ -11,24 +33,42 @@ $response->getHeaders();
 ```
 
 ## `getHeader`
-This method returns the value of a specific header.
+This method returns the value of a specific header as an array.
 
 **Parameters:**
 - `$name` (string): The name of the header.
 
 ```php
-$request->getHeader($name);
-// or
-$response->getHeader($name);
+$request->getHeader('Content-Type');
+// returns ["application/json"]
+
+$response->getHeader('Cache-Control');
+// returns ["max-age=3600"]
+```
+
+## `getHeaderLine`
+This method returns the value of a specific header as a comma-separated string (useful for headers with multiple values).
+
+**Parameters:**
+- `$name` (string): The name of the header.
+
+```php
+$request->getHeaderLine('Accept');
+// returns "text/html, application/json"
+
+$response->getHeaderLine('Set-Cookie');
+// returns "cookie1=value1, cookie2=value2"
 ```
 
 ## `hasHeader`
 This method checks if a specific header exists in the response. Returns a boolean value.
 
 ```php
-$request->hasHeader($name);
-// or
-$response->hasHeader($name);
+$request->hasHeader('Content-Type');
+// returns true or false
+
+$response->hasHeader('X-Custom-Header');
+// returns true or false
 ```
 
 ## `setHeader`
@@ -73,9 +113,9 @@ This method adds a header to the response. If the header already exists, the val
 - `$value` (string|array): The value of the header.
 
 ```php
-$request->addHeader($name, $value);
+$request->addHeader('Accept', 'application/json');
 // or
-$response->addHeader($name, $value);
+$response->addHeader('Set-Cookie', 'cookie2=value2');
 ```
 
 ## `removeHeader`
@@ -85,7 +125,7 @@ This method removes a header from the response.
 - `$name` (string): The name of the header to remove.
 
 ```php
-$request->removeHeader($headers);
+$request->removeHeader('X-Debug-Header');
 // or
-$response->removeHeader($headers);
+$response->removeHeader('X-Cache-Header');
 ```

docs/request.md

@@ -6,7 +6,7 @@ The `Request` class allows you to interact with the data coming into your applic
 There are two ways to create a new Request object, you can create a request based on PHP's superglobal variables, or simply simulate a request:
 
 ### Simulating a request
-When you simulate a request you must pass as parameters the http method, the uri or a [Uri object](https://github.com/alexsandrov16/http/blob/main/docs/uri.md), the headers (optional), the request body (optional) and the protocol version (optional).
+When you simulate a request you must pass as parameters the http method, the uri or a [Uri object](https://github.com/al3x5dev/http/blob/main/docs/uri.md), the headers (optional), the request body (optional) and the protocol version (optional).
 ```php
 require __DIR__ . '/vendor/autoload.php';
 
@@ -85,10 +85,10 @@ $request->getMethod();
 ```
 
 ### Method `Request::setUri($uri, $preserv_host = false)`.
-This method sets the [Uri object](https://github.com/alexsandrov16/http/blob/main/docs/uri.md) for the current request and optionally preserves the host in the request headers. Returns a copy of the Request object with the updated [Uri](https://github.com/alexsandrov16/http/blob/main/docs/uri.md) object and, optionally, the preserved host in the headers.
+This method sets the [Uri object](https://github.com/al3x5dev/http/blob/main/docs/uri.md) for the current request and optionally preserves the host in the request headers. Returns a copy of the Request object with the updated [Uri](https://github.com/al3x5dev/http/blob/main/docs/uri.md) object and, optionally, the preserved host in the headers.
 
 **Parameters:**
-- `$uri` (Uri): the [Uri object](https://github.com/alexsandrov16/http/blob/main/docs/uri.md) to set for the request.
+- `$uri` (Uri): the [Uri object](https://github.com/al3x5dev/http/blob/main/docs/uri.md) to set for the request.
 - `$preserv_host` (bool): Indicates whether to preserve the host in the request 
 ```php
 $request->setUri($uri);
@@ -97,7 +97,7 @@ $request->setUri($uri,true);
 ```
 
 ### Method `Request::getUri()`.
-This method returns the [Uri object](https://github.com/alexsandrov16/http/blob/main/docs/uri.md) associated with the current request.
+This method returns the [Uri object](https://github.com/al3x5dev/http/blob/main/docs/uri.md) associated with the current request.
 ```php
 $request->getUri();
 // return object(Mk4U\Http\Uri)
@@ -174,7 +174,7 @@ $request->rawData();
 ```
 
 ### Method `Request::files()`.
-This method returns an array containing the files uploaded to the server in the current request stored in the [UploadedFile](https://github.com/alexsandrov16/http/blob/main/docs/uploadedfile.md) or an empty array if there are no files.
+This method returns an array containing the files uploaded to the server in the current request stored in the [UploadedFile](https://github.com/al3x5dev/http/blob/main/docs/uploadedfile.md) or an empty array if there are no files.
 ```php
 $request->files();
 /* return [
@@ -187,3 +187,46 @@ $request->files();
   }
 ]*/ 
 ```
+
+### Method `Request::getMethod()`.
+This method returns the HTTP method used in the request as an uppercase string.
+```php
+$request->getMethod();
+// return "GET", "POST", "PUT", etc.
+```
+
+### Method `Request::getUri()`.
+This method returns the [Uri object](https://github.com/al3x5dev/http/blob/main/docs/uri.md) associated with the current request.
+```php
+$request->getUri();
+// return object(Mk4U\Http\Uri)
+```
+
+### Method `Request::setUri(Uri $uri, bool $preserveHost = false)`.
+This method sets the [Uri object](https://github.com/al3x5dev/http/blob/main/docs/uri.md) for the current request. Optionally preserves the host header.
+
+**Parameters:**
+- `$uri` (Uri): The Uri object to set.
+- `$preserveHost` (bool): If true, preserves the existing Host header. Default is false.
+
+```php
+$uri = new Uri('https://example.com/path');
+$request->setUri($uri);
+
+// With host preservation
+$request->setUri($uri, true);
+```
+
+### Method `Request::getTarget()`.
+This method returns the target path of the request (the URI path).
+```php
+$request->getTarget();
+// return "/path/to/resource" or "/" if empty
+```
+
+### Method `Request::isFormData()`.
+This method determines if the request contains form data (application/x-www-form-urlencoded or multipart/form-data with POST method).
+```php
+$request->isFormData();
+// return true or false
+```

docs/response.md

@@ -20,7 +20,7 @@ return $response->plain('Hello World!');
 // Both implementations return "Hello World!"" and the default status code is 200.
 ```
 
-Can also create responses for different types of content and [status codes](https://github.com/alexsandrov16/http/blob/main/docs/status.md).
+Can also create responses for different types of content and [status codes](https://github.com/al3x5dev/http/blob/main/docs/status.md).
 ```php
 $response=new Response();
 
@@ -143,4 +143,77 @@ $xml=<<<XML
 </note>
 XML;
 Response::xml($xml, $status, $headers);
+```
+
+### Method `Response::download(string $filePath, ?string $filename = null, array $headers = [], bool $display = false)`.
+This method generates a response that forces the user's browser to download the file at the given path.
+
+**Parameters:**
+- `$filePath` (string): Absolute path to the file to download.
+- `$filename` (string|null): Custom filename for the download (optional, defaults to original filename).
+- `$headers` (array): Additional HTTP headers (optional).
+- `$display` (bool): If true, displays file inline instead of forcing download (default: false).
+
+```php
+// Basic download
+Response::download('/path/to/file.pdf');
+
+// With custom filename
+Response::download('/path/to/file.pdf', 'my-document.pdf');
+
+// With custom headers
+Response::download('/path/to/file.pdf', null, ['Cache-Control' => 'no-cache']);
+
+// Display file inline (in browser)
+Response::download('/path/to/image.png', display: true);
+```
+
+### Method `Response::file(string $filePath, array $headers = [])`.
+This method displays a file directly in the user's browser instead of downloading it (inline).
+
+**Parameters:**
+- `$filePath` (string): Absolute path to the file.
+- `$headers` (array): Additional HTTP headers (optional).
+
+```php
+// Display image in browser
+Response::file('/path/to/image.png');
+
+// With custom headers
+Response::file('/path/to/image.png', ['Cache-Control' => 'public, max-age=3600']);
+```
+
+### Method `Response::streamDownload($stream, ?string $filename = null, ?int $filesize = null, array $headers = [])`.
+This method downloads a file from a stream, useful for large files to avoid loading them entirely into memory.
+
+**Parameters:**
+- `$stream` (resource): A readable stream resource.
+- `$filename` (string|null): Custom filename for the download (optional).
+- `$filesize` (int|null): Size of the file in bytes (optional).
+- `$headers` (array): Additional HTTP headers (optional).
+
+```php
+// Download from stream
+$stream = fopen('/path/to/large-file.zip', 'r');
+Response::streamDownload($stream, 'download.zip', filesize('/path/to/large-file.zip'));
+
+// Or from a URL stream
+$stream = fopen('http://example.com/file.zip', 'r');
+Response::streamDownload($stream, 'file.zip');
+```
+
+### MIME Type Detection
+The `Response::download()`, `Response::file()`, and `Response::streamDownload()` methods automatically detect the MIME type based on the file extension:
+
+```php
+$response = Response::download('/path/to/document.pdf');
+// Content-Type: application/pdf
+
+$response = Response::download('/path/to/image.png');
+// Content-Type: image/png
+
+$response = Response::download('/path/to/data.json');
+// Content-Type: application/json
+
+// Unknown extensions default to: application/octet-stream
 ```