.gitignore

@@ -1,4 +1,7 @@
 tags
+AGENTS.md
+docs-src/pages/AGENTS.md
+plans/
 
 # Ignore executables (no extension) but not source files
 example/server

README.md

@@ -64,26 +64,14 @@ if (auto res = cli.Get("/hi")) {
 
 cpp-httplib supports multiple TLS backends through an abstraction layer:
 
-| Backend | Define | Libraries |
-| :------ | :----- | :-------- |
-| OpenSSL | `CPPHTTPLIB_OPENSSL_SUPPORT` | `libssl`, `libcrypto` |
-| Mbed TLS | `CPPHTTPLIB_MBEDTLS_SUPPORT` | `libmbedtls`, `libmbedx509`, `libmbedcrypto` |
-| wolfSSL | `CPPHTTPLIB_WOLFSSL_SUPPORT` | `libwolfssl` |
+| Backend | Define | Libraries | Notes |
+| :------ | :----- | :-------- | :---- |
+| OpenSSL | `CPPHTTPLIB_OPENSSL_SUPPORT` | `libssl`, `libcrypto` | [3.0 or later](https://www.openssl.org/policies/releasestrat.html) required |
+| Mbed TLS | `CPPHTTPLIB_MBEDTLS_SUPPORT` | `libmbedtls`, `libmbedx509`, `libmbedcrypto` | 2.x and 3.x supported (auto-detected) |
+| wolfSSL | `CPPHTTPLIB_WOLFSSL_SUPPORT` | `libwolfssl` | 5.x supported; must build with `--enable-opensslall` |
 
 > [!NOTE]
-> OpenSSL 3.0 or later is required. Please see [this page](https://www.openssl.org/policies/releasestrat.html) for more information.
-
-> [!NOTE]
-> Mbed TLS 2.x and 3.x are supported. The library automatically detects the version and uses the appropriate API.
-
-> [!NOTE]
-> wolfSSL must be built with OpenSSL compatibility layer enabled (`--enable-opensslall`). wolfSSL 5.x is supported.
-
-> [!NOTE]
-> **Mbed TLS / wolfSSL limitation:** `get_ca_certs()` and `get_ca_names()` only reflect CA certificates loaded via `load_ca_cert_store()` or `load_ca_cert_store(pem, size)`. Certificates loaded through `set_ca_cert_path()` or system certificates (`load_system_certs`) are not enumerable with these backends.
-
-> [!TIP]
-> For macOS: cpp-httplib automatically loads system certs from the Keychain when a TLS backend is enabled. `CoreFoundation` and `Security` must be linked with `-framework`. To disable this, define `CPPHTTPLIB_DISABLE_MACOSX_AUTOMATIC_ROOT_CERTIFICATES`.
+> **Mbed TLS / wolfSSL limitation:** `get_ca_certs()` and `get_ca_names()` only reflect CA certificates loaded via `load_ca_cert_store()`. Certificates loaded through `set_ca_cert_path()` or system certificates (`load_system_certs`) are not enumerable.
 
 ```c++
 // Use either OpenSSL, Mbed TLS, or wolfSSL
@@ -197,27 +185,21 @@ svr.Get("/", [](const httplib::Request &req, httplib::Response &res) {
 });
 ```
 
-### Windows Certificate Verification
+### Platform-specific Certificate Handling
 
-On Windows, cpp-httplib automatically performs additional certificate verification using the Windows certificate store via CryptoAPI (`CertGetCertificateChain` / `CertVerifyCertificateChainPolicy`). This works with all TLS backends (OpenSSL, Mbed TLS, and wolfSSL), providing:
+cpp-httplib automatically integrates with the OS certificate store on macOS and Windows. This works with all TLS backends.
 
-- Real-time certificate validation integrated with Windows Update
-- Certificate revocation checking
-- SSL/TLS policy verification using the system certificate store (ROOT and CA)
+| Platform | Behavior | Disable (compile time) |
+| :------- | :------- | :--------------------- |
+| macOS | Loads system certs from Keychain (link `CoreFoundation` and `Security` with `-framework`) | `CPPHTTPLIB_DISABLE_MACOSX_AUTOMATIC_ROOT_CERTIFICATES` |
+| Windows | Verifies certs via CryptoAPI (`CertGetCertificateChain` / `CertVerifyCertificateChainPolicy`) with revocation checking | `CPPHTTPLIB_DISABLE_WINDOWS_AUTOMATIC_ROOT_CERTIFICATES_UPDATE` |
 
-This feature is enabled by default and can be controlled at runtime:
+On Windows, verification can also be disabled at runtime:
 
 ```c++
-// Disable Windows certificate verification (use only OpenSSL/Mbed TLS/wolfSSL verification)
 cli.enable_windows_certificate_verification(false);
 ```
 
-To disable this feature at compile time, define:
-
-```c++
-#define CPPHTTPLIB_DISABLE_WINDOWS_AUTOMATIC_ROOT_CERTIFICATES_UPDATE
-```
-
 > [!NOTE]
 > When using SSL, it seems impossible to avoid SIGPIPE in all cases, since on some operating systems, SIGPIPE can only be suppressed on a per-message basis, but there is no way to make the OpenSSL library do so for its internal communications. If your program needs to avoid being terminated on SIGPIPE, the only fully general way might be to set up a signal handler for SIGPIPE to handle or ignore it yourself.
 

docs-src/pages/en/cookbook/index.md

@@ -24,7 +24,7 @@ A collection of recipes that answer "How do I...?" questions. Each recipe is sel
 
 ### Streaming & Progress
 - Receive a response as a stream
-- Use the progress callback (`set_progress`)
+- Use the progress callback (`DownloadProgress` / `UploadProgress`)
 
 ### Connection & Performance
 - Set timeouts (`set_connection_timeout` / `set_read_timeout`)
@@ -90,6 +90,6 @@ A collection of recipes that answer "How do I...?" questions. Each recipe is sel
 ## WebSocket
 
 - Implement a WebSocket echo server and client
-- Configure heartbeats (`set_websocket_ping_interval`)
+- Configure heartbeats (`set_websocket_ping_interval` / `CPPHTTPLIB_WEBSOCKET_PING_INTERVAL_SECOND`)
 - Handle connection close
 - Send and receive binary frames

docs-src/pages/en/tour/09-whats-next.md

@@ -60,7 +60,7 @@ For uploading large files, `make_file_provider()` comes in handy. It streams the
 ```cpp
 httplib::Client cli("http://localhost:8080");
 
-auto res = cli.Post("/upload", {}, {
+auto res = cli.Post("/upload", {}, {}, {
     httplib::make_file_provider("file", "/path/to/large-file.zip")
 });
 ```
@@ -160,16 +160,16 @@ svr.set_post_routing_handler([](const auto &req, auto &res) {
 });
 ```
 
-Use `req.user_data` to pass data from middleware to handlers. This is useful for sharing things like decoded auth tokens.
+Use `res.user_data` to pass data from middleware to handlers. This is useful for sharing things like decoded auth tokens.
 
 ```cpp
 svr.set_pre_routing_handler([](const auto &req, auto &res) {
-    req.user_data["auth_user"] = std::string("alice");
+    res.user_data["auth_user"] = std::string("alice");
     return httplib::Server::HandlerResponse::Unhandled;
 });
 
 svr.Get("/me", [](const auto &req, auto &res) {
-    auto user = std::any_cast<std::string>(req.user_data.at("auth_user"));
+    auto user = std::any_cast<std::string>(res.user_data.at("auth_user"));
     res.set_content("Hello, " + user, "text/plain");
 });
 ```

docs-src/pages/ja/cookbook/index.md

@@ -24,7 +24,7 @@ order: 0
 
 ### ストリーミング・進捗
 - レスポンスをストリーミングで受信する
-- 進捗コールバックを使う（`set_progress`）
+- 進捗コールバックを使う（`DownloadProgress` / `UploadProgress`）
 
 ### 接続・パフォーマンス
 - タイムアウトを設定する（`set_connection_timeout` / `set_read_timeout`）
@@ -90,6 +90,6 @@ order: 0
 ## WebSocket
 
 - WebSocket エコーサーバー／クライアントを実装する
-- ハートビートを設定する（`set_websocket_ping_interval`）
+- ハートビートを設定する（`set_websocket_ping_interval` / `CPPHTTPLIB_WEBSOCKET_PING_INTERVAL_SECOND`）
 - 接続クローズをハンドリングする
 - バイナリフレームを送受信する

docs-src/pages/ja/tour/09-whats-next.md

@@ -60,7 +60,7 @@ svr.Get("/stream", [](const auto &, auto &res) {
 ```cpp
 httplib::Client cli("http://localhost:8080");
 
-auto res = cli.Post("/upload", {}, {
+auto res = cli.Post("/upload", {}, {}, {
     httplib::make_file_provider("file", "/path/to/large-file.zip")
 });
 ```
@@ -160,16 +160,16 @@ svr.set_post_routing_handler([](const auto &req, auto &res) {
 });
 ```
 
-`req.user_data` を使うと、ミドルウェアからハンドラーにデータを渡せます。認証トークンのデコード結果を共有するときに便利です。
+`res.user_data` を使うと、ミドルウェアからハンドラーにデータを渡せます。認証トークンのデコード結果を共有するときに便利です。
 
 ```cpp
 svr.set_pre_routing_handler([](const auto &req, auto &res) {
-    req.user_data["auth_user"] = std::string("alice");
+    res.user_data["auth_user"] = std::string("alice");
     return httplib::Server::HandlerResponse::Unhandled;
 });
 
 svr.Get("/me", [](const auto &req, auto &res) {
-    auto user = std::any_cast<std::string>(req.user_data.at("auth_user"));
+    auto user = std::any_cast<std::string>(res.user_data.at("auth_user"));
     res.set_content("Hello, " + user, "text/plain");
 });
 ```