I'm looking at it now, just a quick
peek. Hope to get some time to actually use it next week.
Is there an API reference or guidance on usage? The header file
has comments which appear to be meant as the documentation and I
see there's several examples, but is there anything else like a
file that's meant for novice users to understand how to use it?
Looking at the implementation very briefly, my main concern is the
use of busy loops and delay() to wait for incoming data. The
blocking approach is simple, and probably makes a lot of sense for
this library to be used by sketches. But consider the case of
this library being used by other libraries, to implement protocols
which are built on top of HTTP. Any blocking inside the library
will force any other higher level protocol libraries build on top
of this to also be blocking.
My hope is you might adopt Arduino's usual convention of
available() and read(), rather any code which causes blocking for
incoming data. For the status code, rather than waiting,
available would return 0 or 1 depending on whether it's arrived,
and read would return -1 if the status code hasn't arrived yet.
Likewise for skipping past the unwanted headers, perhaps an
available & read pair could be provided to read the response
body. If the user's desire is to ignore the rest of the headers,
instead of the blocking skipResponseHeaders(), the available
function for the body would look at the internal state and discard
the rest of the headers, without blocking, and return 0 if none of
the body data is available yet. Following the normal convention,
a read function for the body ought to return what's currently
received.
The responseBody() function seems to try to do this now.... but
another possible issue is an attempt to allocate a String large
enough to hold the entire expected document. That probably makes
sense for a very limited class of applications where a server
returns a short body... but maybe not a good plan for a general
purpose HTTP library where most Arduino compatible boards have
less RAM than the typical size of most HTML documents. I see
there's also read() functions, so maybe responseBody is meant to
be used only as a convenience function? Maybe I'm overly
paranoid, but this worries me. Maybe it could lead to Arduino
users unwittingly crafting projects with security vulnerabilities,
where a server could return a longer response that causes a crash
or incorrect behavior? I see several of the examples use
responseBody in the simplest way possible, without checking how
much data is expected, or whether their one and only call to
responseBody actually returned all the body's data. Or maybe this
is only used for cases where the client fully trusts the server?