npm - gina - Versions diffs - 0.1.1-alpha.23 → 0.1.1-alpha.230 - Mend

gina 0.1.1-alpha.23 → 0.1.1-alpha.230

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (368) hide show

package/framework/{v0.1.1-alpha.23 → v0.1.1-alpha.230}/core/controller/controller.js RENAMED Viewed

@@ -1,7 +1,7 @@
 "use strict";
 /*
  * This file is part of the gina package.
- * Copyright (c) 2009-2022 Rhinostone <contact@gina.io>
+ * Copyright (c) 2009-2023 Rhinostone <contact@gina.io>
  *
  * For the full copyright and license information, please view the LICENSE
  * file that was distributed with this source code.
@@ -19,13 +19,15 @@ var zlib            = require('zlib');
 // var tls = require('tls');
 // var crypto = require('crypto');
-var lib             = require('./../../lib') || require.cache[require.resolve('./../../lib')];
+var lib             = require('./../../lib') || require.cache[require.resolve('./../../lib')];
 var merge           = lib.merge;
 var inherits        = lib.inherits;
 var console         = lib.logger;
 var Collection      = lib.Collection;
-var routingUtils    = lib.routing;
+var routingLib      = lib.routing;
 var swig            = require('swig');
+// Swig 2
+// var swig            = require('./../deps/swig-client/swig-2.0.0.min.js');
 var SwigFilters     = lib.SwigFilters;
 var statusCodes     = requireJSON( _( getPath('gina').core + '/status.codes') );
@@ -44,9 +46,9 @@ function SuperController(options) {
     //public
     this.name = 'SuperController';
-    this.engine = {};
+    this.engine = {};
     var self = this;
     //private
     var local = {
@@ -68,16 +70,16 @@ function SuperController(options) {
         if ( typeof(SuperController.initialized) != 'undefined' ) {
             return getInstance()
         } else {
             SuperController.instance = self;
             if (local.options) {
                 SuperController.instance._options = local.options;
             }
             SuperController.initialized = true;
         }
     }
@@ -85,46 +87,64 @@ function SuperController(options) {
         local.options = SuperController.instance._options = options;
         // 2022-03-07 Fix for none-developpement environnements (without cache)
         self._options = local.options;
         return SuperController.instance;
     }
     var hasViews = function() {
         return ( typeof(local.options.template) != 'undefined' ) ? true : false;
     }
     /**
      * isHttp2
      * Returns `true` if server configured for HTTP/2
-     *
+     *
      * @returns {boolean} isHttp2
      */
     var isHttp2 = function() {
-        var options =  local.options;
+        var options =  local.options;
         var protocolVersion = ~~options.conf.server.protocol.match(/\/(.*)$/)[1].replace(/\.\d+/, '');
         var httpLib =  options.conf.server.protocol.match(/^(.*)\//)[1] + ( (protocolVersion >= 2) ? protocolVersion : '' );
         return /http2/.test(httpLib)
     }
+    var headersSent = function(res) {
+        var _res = ( typeof(res) != 'undefined' ) ? res : local.res;
+        if ( typeof(_res.headersSent) != 'undefined' ) {
+            return _res.headersSent
+        }
+        if (
+            typeof(_res.stream) != 'undefined'
+            && typeof(_res.stream.headersSent) != 'undefined'
+            && _res.stream.headersSent != 'null'
+        ) {
+            return true
+        }
+        return false;
+    }
     /**
      * isSecured
      * Returns `true` if server configured to handle a HTTPS exchanges
-     *
+     *
      * @returns {boolean} isSecured
      */
     var isSecured = function() {
         return /https/.test(local.options.conf.server.scheme)
     }
     this.getRequestObject = function() {
         return local.req;
     }
     this.getResponseObject = function() {
         return local.res;
     }
     this.getNextCallback = function() {
         return local.next;
     }
@@ -146,7 +166,7 @@ function SuperController(options) {
         local.options = SuperController.instance._options = options;
         local.options.renderingStack = (local.options.renderingStack) ? local.options.renderingStack : [];
         local.options.isRenderingCustomError = (local.options.isRenderingCustomError) ? local.options.isRenderingCustomError : false;
         // N.B.: Avoid setting `page` properties as much as possible from the routing.json
         // It will be easier for the framework if set from the controller.
@@ -169,12 +189,12 @@ function SuperController(options) {
         //      var data = { page: { view: { title: "My Title"}}};
         //      self.render(data)
         // }
         if ( typeof(options.conf.content.routing[options.rule].param) !=  'undefined' ) {
             var str = 'page.'
                 , p = options.conf.content.routing[options.rule].param
             ;
             for (var key in p) {
                 if ( p.hasOwnProperty(key) && !/^(control)$/.test(key) ) {
                     str += key + '.';
@@ -213,23 +233,23 @@ function SuperController(options) {
                 , rule              = local.options.rule
                 , ext               = 'html' // by default
                 , isWithoutLayout   = false // by default
-                , namespace         = local.options.namespace || '';
+                , namespace         = local.options.namespace || '';
             if ( typeof(local.options.template) != 'undefined' && local.options.template ) {
-                if (
-                    typeof(local.options.template.ext) != 'undefined'
-                    && local.options.template.ext
+                if (
+                    typeof(local.options.template.ext) != 'undefined'
+                    && local.options.template.ext
                     && local.options.template.ext != ''
                 ) {
                     ext = local.options.template.ext
                 }
                 if ( !/\./.test(ext) ) {
                     ext = '.' + ext;
                     local.options.template.ext = ext
                 }
                 if (
                     typeof(local.options.template.layout) == 'undefined'
                     || /^false$/.test(local.options.template.layout)
@@ -238,27 +258,27 @@ function SuperController(options) {
                     isWithoutLayout = true;
                 }
             }
             if ( hasViews() ) {
                 if ( typeof(local.options.file) == 'undefined') {
                     local.options.file = 'index'
                 }
                 if ( typeof(local.options.isWithoutLayout) == 'undefined' || !isWithoutLayout ) {
                     local.options.isWithoutLayout = false;
                 }
                 rule        = local.options.rule;
-                namespace   = local.options.namespace || 'default';
+                namespace   = local.options.namespace || 'default';
                 set('page.view.file', local.options.file);
                 set('page.view.title', rule.replace(new RegExp('@' + options.conf.bundle), ''));
                 set('page.view.namespace', namespace);
-            }
+            }
             var ctx = getContext('gina');
             // new declaration && overrides
@@ -270,26 +290,31 @@ function SuperController(options) {
                 "middleware"    : ctx.middleware
             };
+            set('page.environment.allocated memory', (require('v8').getHeapStatistics().heap_size_limit / (1024 * 1024 * 1024)).toFixed(2) +' GB');
             set('page.environment.gina', version.number);
             set('page.environment.gina pid', GINA_PID);
             set('page.environment.nodejs', version.nodejs +' '+ version.platform +' '+ version.arch);
             set('page.environment.engine', options.conf.server.engine);//version.middleware
             set('page.environment.env', process.env.NODE_ENV);
             set('page.environment.envIsDev', self.isCacheless());
+            set('page.environment.scope', process.env.NODE_SCOPE);
+            set('page.environment.scopeIsLocal', process.env.NODE_SCOPE_IS_LOCAL);
             set('page.environment.date.now', new Date().format("isoDateTime"));
             var routing = local.options.conf.routing = ctx.config.envConf.routing; // all routes
-            set('page.environment.routing', escape(JSON.stringify(routing))); // export for GFF
+            set('page.environment.routing', encodeRFC5987ValueChars(JSON.stringify(routing))); // export for GFF
             //reverseRouting
             var reverseRouting = local.options.conf.reverseRouting = ctx.config.envConf.reverseRouting; // all routes
-            set('page.environment.reverseRouting', escape(JSON.stringify(reverseRouting))); // export for GFF
+            set('page.environment.reverseRouting', encodeRFC5987ValueChars(JSON.stringify(reverseRouting))); // export for GFF
             var forms = local.options.conf.forms = options.conf.content.forms // all forms
-            set('page.environment.forms', escape(JSON.stringify(forms))); // export for GFF
+            set('page.environment.forms', encodeRFC5987ValueChars(JSON.stringify(forms))); // export for GFF
             set('page.forms', options.conf.content.forms);
             set('page.environment.hostname', ctx.config.envConf[options.conf.bundle][process.env.NODE_ENV].hostname);
+            set('page.environment.rootDomain', ctx.config.envConf[options.conf.bundle][process.env.NODE_ENV].rootDomain);
             set('page.environment.webroot', options.conf.server.webroot);
             set('page.environment.bundle', options.conf.bundle);
             set('page.environment.project', options.conf.projectName);
@@ -298,14 +323,14 @@ function SuperController(options) {
             set('page.environment.port', options.conf.server.port);
             set('page.environment.debugPort', options.conf.server.debugPort);
             set('page.environment.pid', process.pid);
             set('page.view.ext', ext);
             set('page.view.control', action);
             set('page.view.controller', local.options.controller.replace(options.conf.bundlesPath, ''), true);
             if (typeof (local.options.controlRequired) != 'undefined' ) {
                 set('page.view.controlRequired', local.options.controlRequired);
-            }
+            }
             set('page.view.method', local.options.method);
             set('page.view.namespace', namespace); // by default
             set('page.view.url', req.url);
@@ -314,12 +339,12 @@ function SuperController(options) {
                 set('page.view.html.properties.mode.javascriptsDeferEnabled', local.options.template.javascriptsDeferEnabled);
                 set('page.view.html.properties.mode.routeNameAsFilenameEnabled', local.options.template.routeNameAsFilenameEnabled);
             }
             var parameters = JSON.clone(req.getParams());
             parameters = merge(parameters, options.conf.content.routing[rule].param);
             // excluding default page properties
-            delete parameters[0];
+            delete parameters[0];
             delete parameters.file;
             delete parameters.control;
             delete parameters.title;
@@ -329,7 +354,7 @@ function SuperController(options) {
             set('page.view.route', rule);
             var acceptLanguage = GINA_CULTURE; // by default : language-COUNTRY
             if ( typeof(req.headers['accept-language']) != 'undefined' ) {
                 acceptLanguage = req.headers['accept-language']
@@ -348,8 +373,8 @@ function SuperController(options) {
             try {
                 userLocales = locales.findOne({ lang: userLangCode }).content;
-            } catch (err) {
-                //var defaultRegion = (local.options.conf.content.settings.region) ? local.options.conf.content.settings.region.shortCode
+            } catch (err) {
+                //var defaultRegion = (local.options.conf.content.settings.region) ? local.options.conf.content.settings.region.shortCode
                 console.warn('language code `'+ userLangCode +'` not handled by current locales setup: replacing by default: `'+ local.options.conf.content.settings.region.shortCode +'`');
                 userLocales = locales.findOne({ lang: local.options.conf.content.settings.region.shortCode }).content // by default
             }
@@ -359,7 +384,7 @@ function SuperController(options) {
             // user locale
             options.conf.locale = new Collection(userLocales).findOne({ short: userCountryCode }) || {};
             //set('page.date.now', new Date().format("isoDateTime"));
             if ( typeof(options.conf.locale) == 'undefined' || !options.conf.locale ) {
                 options.conf.locale = {}
@@ -370,21 +395,21 @@ function SuperController(options) {
             set('page.view.locale', options.conf.locale);
             set('page.view.lang', userCulture);
         }
         if ( !getContext('isProxyHost') ) {
             var isProxyHost = ( typeof(req.headers.host) != 'undefined' && local.options.conf.server.scheme +'://'+ req.headers.host != local.options.conf.hostname || typeof(req.headers[':authority']) != 'undefined' && local.options.conf.server.scheme +'://'+ req.headers[':authority'] != local.options.conf.hostname  ) ? true : false;
             setContext('isProxyHost', isProxyHost);
         }
         //TODO - detect when to use swig
         var dir = null;
         if (local.options.template || self.templates) {
             dir = local.options.template.templates || self.templates;
             var swigOptions = {
                 autoescape  : ( typeof(local.options.autoescape) != 'undefined') ? local.options.autoescape : false,
                 // `memory` is no working yet ... advanced rendering setup required
-                //cache       : (local.options.cacheless) ? false : 'memory'
+                // cache       : (local.options.cacheless) ? false : 'memory'
                 cache       : false
             };
             if (dir) {
@@ -394,18 +419,18 @@ function SuperController(options) {
                 local._swigOptions = JSON.clone(swigOptions);
             }
             swig.setDefaults(swigOptions);
-            // used for self.engine.compile(tpl, swigOptions)(data)
+            // used for self.engine.compile(tpl, swigOptions)(swigData)
             swig.getOptions = function() {
                 return local._swigOptions;
             }
             // preserve the same timezone as the system
             var defaultTZOffset = new Date().getTimezoneOffset();
             swig.setDefaultTZOffset(defaultTZOffset);
             self.engine = swig;
         }
     }
     this.renderWithoutLayout = function (data, displayToolbar) {
         // preventing multiple call of self.renderWithoutLayout() when controller is rendering from another required controller
@@ -414,7 +439,7 @@ function SuperController(options) {
         }
         local.options.isWithoutLayout = true;
         self.render(data, displayToolbar);
     }
@@ -444,47 +469,52 @@ function SuperController(options) {
                                 ) ? true : false;
         if (isRenderingCustomError)
             delete userData.isRenderingCustomError;
         var localOptions = (errOptions) ? errOptions : local.options;
         localOptions.renderingStack.push( self.name );
         // preventing multiple call of self.render() when controller is rendering from another required controller
         if ( localOptions.renderingStack.length > 1 && !isRenderingCustomError ) {
             return false
         }
         var data                = null
             , layout            = null
             , template          = null
             , file              = null
             , path              = null
             , plugin            = null
-            , isWithoutLayout   = (localOptions.isWithoutLayout) ? true : false
+            , isWithoutLayout   = (localOptions.isWithoutLayout) ? true : false
         ;
         localOptions.debugMode = ( typeof(displayToolbar) == 'undefined' ) ? undefined : ( (/true/i.test(displayToolbar)) ? true : false ); // only active for dev env
         // specific override
         if (
             self.isCacheless()
-            && typeof(local.req[ local.req.method.toLowerCase() ]) != 'undefined'
-            && typeof(local.req[ local.req.method.toLowerCase() ].debug) != 'undefined'
+            && typeof(local.req[ local.req.method.toLowerCase() ]) != 'undefined'
+            && typeof(local.req[ local.req.method.toLowerCase() ].debug) != 'undefined'
         ) {
-            localOptions.debugMode = ( /true/i.test(local.req[ local.req.method.toLowerCase() ].debug) ) ? true : false;
-        } else if (
-            self.isCacheless()
+            if ( !/^(true|false)$/i.test(local.req[ local.req.method.toLowerCase() ].debug) ) {
+                console.warn('Detected wrong value for `debug`: '+ local.req[ local.req.method.toLowerCase() ].debug);
+                console.warn('Switching `debug` to `true` as `cacheless` mode is enabled');
+                local.req[ local.req.method.toLowerCase() ].debug = true;
+            }
+            localOptions.debugMode = ( /^true$/i.test(local.req[ local.req.method.toLowerCase() ].debug) ) ? true : false;
+        } else if (
+            self.isCacheless()
             && hasViews()
-            && !isWithoutLayout
-            && localOptions.debugMode == undefined
+            && !isWithoutLayout
+            && localOptions.debugMode == undefined
         ) {
             localOptions.debugMode = true;
         } else if ( localOptions.debugMode == undefined  ) {
             localOptions.debugMode = self.isCacheless()
         }
         try {
             data = getData();
             if (!userData) {
                 userData = { page: { view: {}}}
             } else if ( userData && !userData['page']) {
@@ -502,7 +532,7 @@ function SuperController(options) {
             if ( isWithoutLayout ) {
                 localTemplateConf = JSON.clone(localOptions.template);
                 localTemplateConf.javascripts = new Collection(localTemplateConf.javascripts).find({ isCommon: false}, { isCommon: true, name: 'gina' });
-                localTemplateConf.stylesheets = new Collection(localTemplateConf.stylesheets).find({ isCommon: false}, { isCommon: true, name: 'gina' });
+                localTemplateConf.stylesheets = new Collection(localTemplateConf.stylesheets).find({ isCommon: false}, { isCommon: true, name: 'gina' });
             }
             setResources(localTemplateConf);
             // Allowing file & ext override
@@ -512,13 +542,13 @@ function SuperController(options) {
             ) {
                 data.page.view.file = localOptions.file = local.req.routing.param.file
             }
-            if (
-                typeof(local.req.routing.param.ext) != 'undefined'
+            if (
+                typeof(local.req.routing.param.ext) != 'undefined'
                 && data.page.view.ext !== local.req.routing.param.ext
             ) {
                 data.page.view.ext = localOptions.template.ext = local.req.routing.param.ext
             }
             file = (isRenderingCustomError) ? localOptions.file : data.page.view.file;
             // pre-compiling variables
@@ -527,13 +557,13 @@ function SuperController(options) {
             if  (typeof(data.page.data) == 'undefined' ) {
                 data.page.data = {}
             }
-            if (
+            if (
                 !local.options.isRenderingCustomError
-                && typeof(data.page.data.status) != 'undefined'
-                && !/^2/.test(data.page.data.status)
-                && typeof(data.page.data.error) != 'undefined'
+                && typeof(data.page.data.status) != 'undefined'
+                && !/^2/.test(data.page.data.status)
+                && typeof(data.page.data.error) != 'undefined'
             ) {
                 var statusCode = localOptions.conf.server.coreConfiguration.statusCodes;
                 var errorObject = {
@@ -553,11 +583,18 @@ function SuperController(options) {
             // making path thru [namespace &] file
             if ( typeof(localOptions.namespace) != 'undefined' && localOptions.namespace ) {
                 // excepted for custom paths
-                if ( !/^(\.|\/|\\)/.test(file) )
+                var fileNamingConvention = file.replace(localOptions.namespace+'-', '');
+                if ( !/^(\.|\/|\\)/.test(file) && file != fileNamingConvention ) {
+                    var _ext = data.page.view.ext;
+                    console.warn('file `'+ file +'` used in routing `'+ localOptions.rule +'` does not respect gina naming convention ! You should rename the file `'+ file + _ext +'` to `'+ ''+ fileNamingConvention + _ext +'`');
+                    console.warn('The reason you are getting this message is because your filename begeins with `<namespace>-`\n If you don\‘t want to rename, use template path like ./../'+ localOptions.namespace +'/'+file);
                     file = ''+ file.replace(localOptions.namespace+'-', '');
+                }
                 // means that rule name === namespace -> pointing to root namespace dir
-                if (!file || file === localOptions.namespace) {
+                if (!file || file === localOptions.namespace) {
                     file = 'index'
                 }
                 path = (isRenderingCustomError) ? _(file) : _(localOptions.template.html +'/'+ localOptions.namespace + '/' + file)
@@ -593,14 +630,14 @@ function SuperController(options) {
                 dic['page.'+d] = data.page[d]
             }
             // please, do not start with a slashe when including...
             // ex.:
             //      /html/inc/_partial.html (BAD)
             //      html/inc/_partial.html (GOOD)
             //      ./html/namespace/page.html (GOOD)
             if ( !fs.existsSync(path) ) {
                 msg = 'could not open "'+ path +'"' +
                             '\n1) The requested file does not exists in your templates/html (check your template directory). Can you find: '+path +
@@ -614,32 +651,32 @@ function SuperController(options) {
                 self.throwError(err);
                 return;
             }
-            var isProxyHost = (
-                typeof(local.req.headers.host) != 'undefined'
-                    && localOptions.conf.server.scheme +'://'+ local.req.headers.host != localOptions.conf.hostname
-                || typeof(local.req.headers[':authority']) != 'undefined'
-                    && localOptions.conf.server.scheme +'://'+ local.req.headers[':authority'] != localOptions.conf.hostname
+            var isProxyHost = (
+                typeof(local.req.headers.host) != 'undefined'
+                    && localOptions.conf.server.scheme +'://'+ local.req.headers.host != localOptions.conf.hostname
+                || typeof(local.req.headers[':authority']) != 'undefined'
+                    && localOptions.conf.server.scheme +'://'+ local.req.headers[':authority'] != localOptions.conf.hostname
             ) ? true : false;
-            // setup swig default filters
+            // setup swig default filters
             var filters = SwigFilters({
                 options     : JSON.clone(localOptions),
                 isProxyHost : isProxyHost,
                 throwError  : self.throwError,
                 req         : local.req,
-                res         : local.res
+                res         : local.res
             });
             try {
                 // Extends default `length` filter
                 swig.setFilter('length', filters.length);
                 // Allows you to get a bundle web root
                 swig.setFilter('getWebroot', filters.getWebroot);
                 swig.setFilter('getUrl', filters.getUrl);
             } catch (err) {
@@ -651,10 +688,10 @@ function SuperController(options) {
                 self.throwError(local.res, 500, new Error('template compilation exception encoutered: [ '+path+' ]\n'+(err.stack||err.message)));
                 return;
             }
-            var layoutPath              = null
+            var layoutPath              = null
                 , assets                = null
                 , mapping               = null
                 , XHRData               = null
@@ -665,26 +702,26 @@ function SuperController(options) {
                 , isWithSwigLayout      = null
                 , isUsingGinaLayout     = (!isWithoutLayout && typeof(localOptions.template.layout) != 'undefined' && fs.existsSync(local.options.template.layout)) ? true : false
             ;
-            if ( isWithoutLayout || isUsingGinaLayout ) {
+            if ( isWithoutLayout || isUsingGinaLayout ) {
                 layoutPath = (isWithoutLayout) ? localOptions.template.noLayout : localOptions.template.layout;
                 // user layout override
-                if ( isUsingGinaLayout && !isWithoutLayout ) {
+                if ( isUsingGinaLayout && !isWithoutLayout ) {
                     layoutPath = localOptions.template.layout;
-                }
+                }
                 if (isWithoutLayout) {
                     data.page.view.layout = layoutPath;
-                }
+                }
             } else { // without layout case
                 // by default
                 layoutPath = localOptions.template.layout;
                 if ( !/^\//.test(layoutPath)) {
                     layoutPath = localOptions.template.templates +'/'+ layoutPath;
                 }
                 // default layout
-                if (
-                    !isWithoutLayout  && !fs.existsSync(layoutPath) && layoutPath == localOptions.template.templates +'/index.html'
+                if (
+                    !isWithoutLayout  && !fs.existsSync(layoutPath) && layoutPath == localOptions.template.templates +'/index.html'
                 ) {
                     console.warn('Layout '+ local.options.template.layout +' not found, replacing with `nolayout`: '+ localOptions.template.noLayout);
                     layoutPath = localOptions.template.noLayout
@@ -703,57 +740,57 @@ function SuperController(options) {
                     self.throwError(err);
                     return;
                 }
             }
             var isLoadingPartial = false;
-            try {
+            try {
                 assets  = {assets:"${assets}"};
                 /**
                  * retrieve template & layout
-                 * */
-                var tpl = null;
+                 * */
+                var tpl = null;
                 // tpl = fs.readFileSync(path).toString();
-                // layout = fs.readFileSync(layoutPath).toString();
+                // layout = fs.readFileSync(layoutPath).toString();
                 await Promise.all([
-                    readFile(layoutPath),
-                    readFile(path)
+                        readFile(layoutPath),
+                        readFile(path)
                     ])
-                    .then(([_layout, _tpl]) => {
+                    .then(([_layout, _tpl]) => {
                         layout  = _layout.toString();
                         tpl     = _tpl.toString();
                     })
                     .catch(error => {
-                    console.error(error.message);
-                    return;
-                });
+                        console.error(error.message);
+                        return;
+                    });
                 // mappin conf
                 mapping = { filename: path };
                 if (isRenderingCustomError) {
                     // TODO - Test if there is a block call `gina-error` in the layout & replace block name from tpl
                     if ( !/\{\%(\s+extends|extends)/.test(tpl) ) {
                         tpl = "\n{% extends '"+ layoutPath +"' %}\n" + tpl;
                     }
                     if (!/\{\% block content/.test(tpl)) {
                         // TODO - test if lyout has <body>
                         tpl = '{% block content %}<p>If you view this message you didn’t define a content block in your template.</p>{% endblock %}' + tpl;
-                    }
+                    }
                     tpl = tpl.replace(/\{\{ page\.content \}\}/g, '');
                 }
                 if ( isWithoutLayout || isWithSwigLayout) {
-                    layout = tpl;
+                    layout = tpl;
                 } else if (isUsingGinaLayout) {
                     mapping = { filename: path };
                     if ( /(\{\{|\{\{\s+)page\.content/.test(layout) ) {
                         if ( /\{\%(\s+extends|extends)/.test(tpl) ) {
                             err = new Error('You cannot use at the same time `page.content` in your layout `'+ layoutPath +'` while calling `extends` from your page or content `'+ path +'`. You have to choose one or the other');
                             self.throwError(local.res, 500, err);
@@ -761,9 +798,9 @@ function SuperController(options) {
                         }
                         layout = layout.replace('{{ page.content }}', tpl);
                     } else {
-                        layout = layout.replace(/\<\/body\>/i, '\t'+tpl+'\n</body>');
+                        layout = layout.replace(/\<\/body\>/i, '\t'+tpl+'\n</body>');
                     }
                 } else {
                     tpl = tpl.replace('{{ page.view.layout }}', data.page.view.layout);
                     if (/\<\/body\>/i.test(layout)) {
@@ -771,178 +808,201 @@ function SuperController(options) {
                     }
                         else {
                         layout += tpl;
-                    }
+                    }
                 }
                 // precompilation needed in case of `extends` or in order to display the toolbar
-                if ( hasViews() && self.isCacheless() || /\{\%(\s+extends|extends)/.test(layout) ) {
+                if ( hasViews() && self.isCacheless() || /\{\%(\s+extends|extends)/.test(layout) ) {
                     layout = swig.compile(layout, mapping)(data);
                 }
-                //dic['page.content'] = layout;
+                //dic['page.content'] = layout;
             } catch(err) {
                 err.stack = 'Exception, bad syntax or undefined data found: start investigating in '+ mapping.filename +'\n' + err.stack;
                 self.throwError(local.res, 500, err);
                 return
             }
-            isLoadingPartial = (
-                !/\<html/i.test(layout)
-                || !/\<head/i.test(layout)
-                || !/\<body/i.test(layout)
+            isLoadingPartial = (
+                !/\<html/i.test(layout)
+                || !/\<head/i.test(layout)
+                || !/\<body/i.test(layout)
             ) ? true : false;
             // if (isLoadingPartial) {
             //     console.warn('----------------> loading partial `'+ path);
             // }
-            isDeferModeEnabled = localOptions.template.javascriptsDeferEnabled || localOptions.conf.content.templates._common.javascriptsDeferEnabled || false;
+            isDeferModeEnabled = localOptions.template.javascriptsDeferEnabled || localOptions.conf.content.templates._common.javascriptsDeferEnabled || false;
             // iframe case - without HTML TAG
             if (!self.isXMLRequest() && !/\<html/.test(layout) ) {
                 layout = '<html>\n\t<head></head>\n\t<body class="gina-iframe-body">\n\t\t'+ layout +'\n\t</body>\n</html>';
-            }
+            }
             // adding stylesheets
             if (!isWithoutLayout && data.page.view.stylesheets && !/\{\{\s+(page\.view\.stylesheets)\s+\}\}/.test(layout) ) {
                 layout = layout.replace(/\<\/head\>/i, '\n\t{{ page.view.stylesheets }}\n</head>')
             }
             if (hasViews() && isWithoutLayout) {
                 // $.getScript(...)
                 //var isProxyHost = ( typeof(local.req.headers.host) != 'undefined' && localOptions.conf.server.scheme +'://'+ local.req.headers.host != localOptions.conf.hostname || typeof(local.req.headers[':authority']) != 'undefined' && localOptions.conf.server.scheme +'://'+ local.req.headers[':authority'] != localOptions.conf.hostname  ) ? true : false;
                 //var hostname = (isProxyHost) ? localOptions.conf.hostname.replace(/\:\d+$/, '') : localOptions.conf.hostname;
                 var scripts = data.page.view.scripts;
                 scripts = scripts.replace(/\s+\<script/g, '\n<script');
                 if (!isProxyHost) {
                     var webroot = data.page.environment.webroot;
                     scripts = scripts.replace(/src\=\"\/(.*)\"/g, 'src="'+ webroot +'$1"');
                     //stylesheets = stylesheets.replace(/href\=\"\/(.*)\"/g, 'href="'+ webroot +'$1"')
                 }
                 // iframe case - without HTML TAG
-                if (self.isXMLRequest() || !/\<html/.test(layout) ) {
-                    layout += scripts;
-                    //layout += stylesheets;
-                }
+                if (self.isXMLRequest() || !/\<html/.test(layout) ) {
+                    layout += scripts;
+                    //layout += stylesheets;
+                }
             }
             // adding plugins
+            // means that we don't want GFF context or we already have it loaded
+            viewInfos = JSON.clone(data.page.view);
+            if ( !isWithoutLayout )
+                    viewInfos.assets = assets;
             if (
-                hasViews() && self.isCacheless() && !isWithoutLayout
-                && localOptions.debugMode
-                ||
-                hasViews() && self.isCacheless() && !isWithoutLayout
-                && typeof(localOptions.debugMode) == 'undefined'
-                ||
-                hasViews() && localOptions.debugMode
+                hasViews() && self.isCacheless() && !isWithoutLayout
+                && localOptions.debugMode
+                ||
+                hasViews() && self.isCacheless() && !isWithoutLayout
+                && typeof(localOptions.debugMode) == 'undefined'
+                ||
+                hasViews() && localOptions.debugMode
             ) {
                 layout = ''
+                    // + '{%- set ginaDataInspector                    = JSON.clone(page) -%}'
                     + '{%- set ginaDataInspector                    = JSON.clone(page) -%}'
+                    // + '{%- set ginaDataInspector                    = { view: {}, environment: { routing: {}}} -%}'
                     + '{%- set ginaDataInspector.view.assets        = {} -%}'
                     + '{%- set ginaDataInspector.view.scripts       = "ignored-by-toolbar" -%}'
                     + '{%- set ginaDataInspector.view.stylesheets   = "ignored-by-toolbar" -%}'
                     + layout
                 ;
                 plugin = '\t'
                     + '{# Gina Toolbar #}'
                     + '{%- set userDataInspector                    = JSON.clone(page) -%}'
+                    // + '{%- set userDataInspector                    = { view: {}, environment: { routing: {}}} -%}'
                     + '{%- set userDataInspector.view.scripts       = "ignored-by-toolbar"  -%}'
                     + '{%- set userDataInspector.view.stylesheets   = "ignored-by-toolbar"  -%}'
                     + '{%- set userDataInspector.view.assets        = '+ JSON.stringify(assets) +' -%}'
-                    + '{%- include "'+ getPath('gina').core +'/asset/js/plugin/src/gina/toolbar/toolbar.html" with { gina: ginaDataInspector, user: userDataInspector } -%}'
-                    + '{# END Gina Toolbar #}'
+                    + '{%- include "'+ getPath('gina').core +'/asset/plugin/dist/vendor/gina/html/toolbar.html" with { gina: ginaDataInspector, user: userDataInspector } -%}'// jshint ignore:line
+                    + '{# END Gina Toolbar #}'
                 ;
                 if (isWithoutLayout && localOptions.debugMode || localOptions.debugMode ) {
-                    XHRData = '\t<input type="hidden" id="gina-without-layout-xhr-data" value="'+ encodeURIComponent(JSON.stringify(data.page.data)) +'">\n\r';
-                    layout = layout.replace(/<\/body>/i, XHRData + '\n\t</body>');
+                    if (self.isXMLRequest()) {
+                        XHRData = '\t<input type="hidden" id="gina-without-layout-xhr-data" value="'+ encodeRFC5987ValueChars(JSON.stringify(data.page.data)) +'">\n\r';
+                        XHRView = '\n<input type="hidden" id="gina-without-layout-xhr-view" value="'+ encodeRFC5987ValueChars(JSON.stringify(viewInfos)) +'">';
+                        if ( /<\/body>/i.test(layout) ) {
+                            layout = layout.replace(/<\/body>/i, XHRData + XHRView + '\n\t</body>');
+                        } else {
+                            // Popin case
+                            // Fix added on 2023-01-25
+                            layout += XHRData + XHRView + '\n\t'
+                        }
+                    }
                 }
                 if (self.isCacheless() || localOptions.debugMode ) {
                     layout = layout.replace(/<\/body>/i, plugin + '\n\t</body>');
                 }
                 // adding javascripts
-                layout.replace('{{ page.view.scripts }}', '');
+                layout.replace('{{ page.view.scripts }}', '');
                 // placed in the HEAD excepted when rendering a partial or when `isDeferModeEnabled` == true
                 if (isLoadingPartial) {
                     layout += '\t{{ page.view.scripts }}';
                 } else {
                     if ( isDeferModeEnabled  ) {
                         layout = layout.replace(/\<\/head\>/i, '\t{{ page.view.scripts }}\n\t</head>');
-                    } else { // placed in the BODY
+                    } else { // placed in the BODY
                         layout = layout.replace(/\<\/body\>/i, '\t{{ page.view.scripts }}\n</body>');
                     }
                 }
                 // ginaLoader cannot be deferred
                 if ( !localOptions.template.javascriptsExcluded || localOptions.template.javascriptsExcluded != '**' ) {
-                    layout = layout.replace(/\<\/head\>/i, '\t'+ localOptions.template.ginaLoader +'\n</head>');
+                    layout = layout.replace(/\<\/head\>/i, '\t'+ localOptions.template.ginaLoader +'\n</head>');
                 }
             } else if ( hasViews() && self.isCacheless() && self.isXMLRequest() ) {
-                if (isWithoutLayout) {
+                if (isWithoutLayout) {
                     delete data.page.view.scripts;
-                    delete data.page.view.stylesheets;
+                    delete data.page.view.stylesheets;
                 }
                 // means that we don't want GFF context or we already have it loaded
-                viewInfos = JSON.clone(data.page.view);
-                if ( !isWithoutLayout )
-                    viewInfos.assets = assets;
+                // viewInfos = JSON.clone(data.page.view);
+                // if ( !isWithoutLayout )
+                //     viewInfos.assets = assets;
-                XHRData = '\n<input type="hidden" id="gina-without-layout-xhr-data" value="'+ encodeURIComponent(JSON.stringify(data.page.data)) +'">';
-                XHRView = '\n<input type="hidden" id="gina-without-layout-xhr-view" value="'+ encodeURIComponent(JSON.stringify(viewInfos)) +'">';
+                XHRData = '\n<input type="hidden" id="gina-without-layout-xhr-data" value="'+ encodeRFC5987ValueChars(JSON.stringify(data.page.data)) +'">';
+                XHRView = '\n<input type="hidden" id="gina-without-layout-xhr-view" value="'+ encodeRFC5987ValueChars(JSON.stringify(viewInfos)) +'">';
+                if ( /<\/body>/i.test(layout) ) {
+                    layout = layout.replace(/<\/body>/i, XHRData + XHRView + '\n\t</body>');
+                } else {
+                    // Popin case
+                    // Fix added on 2023-01-25
+                    layout += XHRData + XHRView + '\n\t'
+                }
-                layout += XHRData + XHRView;
+                // layout += XHRData + XHRView;
             } else { // other envs like prod ...
                 // adding javascripts
                 // cleanup first
-                layout.replace('{{ page.view.scripts }}', '');
+                layout.replace('{{ page.view.scripts }}', '');
                 // placed in the HEAD excepted when rendering a partial or when `isDeferModeEnabled` == true
                 // if (isLoadingPartial) {
                 //     layout += '\t{{ page.view.scripts }}';
                 // } else {
                 //     if ( isDeferModeEnabled  ) {
                 //         layout = layout.replace(/\<\/head\>/i, '\t{{ page.view.scripts }}\n\t</head>');
-                //     } else { // placed in the BODY
+                //     } else { // placed in the BODY
                 //         layout = layout.replace(/\<\/body\>/i, '\t{{ page.view.scripts }}\n</body>');
                 //     }
                 // }
                 // // ginaLoader cannot be deferred
                 // if ( !localOptions.template.javascriptsExcluded || localOptions.template.javascriptsExcluded != '**' ) {
-                //     layout = layout.replace(/\<\/head\>/i, '\t'+ localOptions.template.ginaLoader +'\n</head>');
+                //     layout = layout.replace(/\<\/head\>/i, '\t'+ localOptions.template.ginaLoader +'\n</head>');
                 // }
                 // adding javascripts
                 layout.replace('{{ page.view.scripts }}', '');
-                if (isLoadingPartial) {
+                if (isLoadingPartial) {
                     layout += '\t{{ page.view.scripts }}\n';
                     if ( !localOptions.template.javascriptsExcluded || localOptions.template.javascriptsExcluded != '**' ) {
                         layout += '\t'+ localOptions.template.ginaLoader +'\n';
                     }
                 } else {
-                    if ( isDeferModeEnabled && /\<\/head\>/i.test(layout) ) { // placed in the HEAD
+                    if ( isDeferModeEnabled && /\<\/head\>/i.test(layout) ) { // placed in the HEAD
                         layout = layout.replace(/\<\/head\>/i, '\t{{ page.view.scripts }}\n\t</head>');
-                    } else { // placed in the BODY
+                    } else { // placed in the BODY
                         layout = layout.replace(/\<\/body\>/i, '\t{{ page.view.scripts }}\n</body>');
                     }
                     // ginaLoader cannot be deferred
@@ -951,20 +1011,20 @@ function SuperController(options) {
                     }
                 }
             }
             layout = whisper(dic, layout, /\{{ ([a-zA-Z.]+) \}}/g );
             dic['page.content'] = layout;
             /**
             // special case for template without layout in debug mode - dev only
             if ( hasViews() && localOptions.debugMode && self.isCacheless() && !/\{\# Gina Toolbar \#\}/.test(layout) ) {
-                try {
-                    layout = layout.replace(/<\/body>/i, plugin + '\n\t</body>');
+                try {
+                    layout = layout.replace(/<\/body>/i, plugin + '\n\t</body>');
                     layout = whisper(dic, layout, /\{{ ([a-zA-Z.]+) \}}/g );
                     //swig.invalidateCache();
-                    layout = swig.compile(layout, mapping)(data);
+                    layout = swig.compile(layout, mapping)(swigData);
                 } catch (err) {
                     filename = localOptions.template.html;
@@ -972,22 +1032,23 @@ function SuperController(options) {
                     self.throwError(local.res, 500, new Error('Compilation error encountered while trying to process template `'+ filename + '`\n'+(err.stack||err.message)));
                     return;
                 }
-            }
+            }
             else if (hasViews() && localOptions.debugMode && self.isCacheless()) {
                 try {
                     //layout = whisper(dic, layout, /\{{ ([a-zA-Z.]+) \}}/g );
-                    layout = swig.compile(layout, mapping)(data);
+                    layout = swig.compile(layout, mapping)(swigData);
                 } catch (err) {
                     filename = localOptions.template.html;
                     filename += ( typeof(data.page.view.namespace) != 'undefined' && data.page.view.namespace != '' && new RegExp('^' + data.page.view.namespace +'-').test(data.page.view.file) ) ? '/' + data.page.view.namespace + data.page.view.file.split(data.page.view.namespace +'-').join('/') + ( (data.page.view.ext != '') ? data.page.view.ext: '' ) : '/' + data.page.view.file+ ( (data.page.view.ext != '') ? data.page.view.ext: '' );
                     self.throwError(local.res, 500, new Error('Compilation error encountered while trying to process template `'+ filename + '`\n'+(err.stack||err.message)));
                     return;
                 }
-            }
-            */
+            }
+            */
-            if ( !local.res.headersSent ) {
+            // if ( !local.res.headersSent ) {
+            if ( !headersSent() ) {
                 local.res.statusCode = ( typeof(localOptions.conf.server.coreConfiguration.statusCodes[data.page.data.status])  != 'undefined' ) ? data.page.data.status : 200; // by default
                 //catching errors
                 if (
@@ -1004,62 +1065,64 @@ function SuperController(options) {
                 }
                 local.res.setHeader('content-type', localOptions.conf.server.coreConfiguration.mime['html'] + '; charset='+ localOptions.conf.encoding );
                 try {
                     // escape special chars
                     var blacklistRe = new RegExp('[\<\>]', 'g');
                     // DO NOT REPLACE IT BY JSON.clone() !!!!
                     data.page.data = JSON.parse(JSON.stringify(data.page.data).replace(blacklistRe, '\$&'));
                 } catch (err) {
                     filename = localOptions.template.html;
                     filename += ( typeof(data.page.view.namespace) != 'undefined' && data.page.view.namespace != '' && new RegExp('^' + data.page.view.namespace +'-').test(data.page.view.file) ) ? '/' + data.page.view.namespace + data.page.view.file.split(data.page.view.namespace +'-').join('/') + ( (data.page.view.ext != '') ? data.page.view.ext: '' ) : '/' + data.page.view.file+ ( (data.page.view.ext != '') ? data.page.view.ext: '' );
                     self.throwError(local.res, 500, new Error('Controller::render(...) compilation error encountered while trying to process template `'+ filename + '`\n' + (err.stack||err.message||err) ));
                     return;
                 }
                 // Only available for http/2.0 for now
                 if ( !self.isXMLRequest() && /http\/2/.test(localOptions.conf.server.protocol) ) {
                     try {
-                        // TODO - button in toolbar to empty url assets cache
+                        // TODO - button in toolbar to empty url assets cache
                         if ( /**  self.isCacheless() ||*/ typeof(localOptions.template.assets) == 'undefined' || typeof(localOptions.template.assets[local.req.url]) == 'undefined' ) {
                             // assets string -> object
                             //assets = self.serverInstance.getAssets(localOptions.conf, layout.toString(), swig, data);
                             assets = self.serverInstance.getAssets(localOptions.conf, layout, swig, data);
                             localOptions.template.assets = JSON.parse(assets);
                         }
                         //  only for toolbar - TODO hasToolbar()
                         if (
                             self.isCacheless() && hasViews() && !isWithoutLayout
                             || hasViews() && localOptions.debugMode
-                            || self.isCacheless() && hasViews() && self.isXMLRequest()
-                        ) {
-                            layout = layout.replace('{"assets":"${assets}"}', assets );
+                            || self.isCacheless() && hasViews() && self.isXMLRequest()
+                        ) {
+                            layout = layout.replace('{"assets":"${assets}"}', assets );
                         }
                     } catch (err) {
                         self.throwError(local.res, 500, new Error('Controller::render(...) calling getAssets(...) \n' + (err.stack||err.message||err) ));
                         return;
                     }
                 }
-                // Last compilation before rendering
-                layout = swig.compile(layout, mapping)(data);
-                if ( !local.res.headersSent ) {
+                // Last compilation before rendering
+                // Now we can use `data` instead of `swigData`
+                layout = swig.compile(layout, mapping)(data);
+                if ( !headersSent() ) {
                     if ( local.options.isRenderingCustomError ) {
                         local.options.isRenderingCustomError = false;
                     }
                     local.res.end(layout);
-                }
+                }
                 console.info(local.req.method +' ['+local.res.statusCode +'] '+ local.req.url);
-            } else if (typeof(local.next) != 'undefined') {
+            } else if (typeof(local.next) != 'undefined') {
                 // local.next();
                 return local.next();
             } else {
@@ -1075,7 +1138,7 @@ function SuperController(options) {
             return;
         }
     }
     this.isXMLRequest = function() {
         return local.options.isXMLRequest;
@@ -1102,21 +1165,21 @@ function SuperController(options) {
             return false
         }
         if ( self.isProcessingError ) {
-           return;
+           return;
         }
         var request     = local.req;
         var response    = local.res;
         var next        = local.next || null;
         // var stream      = null;
-        // if ( /http\/2/.test(local.options.conf.server.protocol) ) {
-        //     stream = response.stream;
+        // if ( /http\/2/.test(local.options.conf.server.protocol) ) {
+        //     stream = response.stream;
         // }
         if (!jsonObj) {
             jsonObj = {}
         }
         try {
             // just in case
             if ( typeof(jsonObj) == 'string') {
@@ -1126,7 +1189,7 @@ function SuperController(options) {
             // if( typeof(local.options) != "undefined" && typeof(local.options.charset) != "undefined" ){
             //     response.setHeader("charset", local.options.charset);
             // }
             //catching errors
             if (
@@ -1151,7 +1214,7 @@ function SuperController(options) {
                 response.setHeader('content-type', local.options.conf.server.coreConfiguration.mime['json'] + '; charset='+ local.options.conf.encoding)
             }
-            if ( !response.headersSent ) {
+            if ( !headersSent(response) ) {
                 console.info(request.method +' ['+ response.statusCode +'] '+ request.url);
                 if ( local.options.isXMLRequest && self.isWithCredentials() )  {
@@ -1164,17 +1227,17 @@ function SuperController(options) {
                     } else {
                         len = data.length
                     }
-                    if (!response.headersSent)
+                    if (!headersSent(response))
                         response.setHeader("content-length", len);
                     // if (stream && !stream.destroyed) {
                     //     //stream.respond(header);
                     //     stream.end(data);
                     // } else {
                         response.write(data);
                         // required to close connection
                         setTimeout(function () {
                             response.end();
@@ -1184,21 +1247,21 @@ function SuperController(options) {
                                 // Ignoring warning
                                 //console.warn(err);
                             }
                             if ( next ) {
                                 next()
                             }
                         }, 200);
                         return // force completion
                     // }
                 } else { // normal case
                     response.end(JSON.stringify(jsonObj));
-                    if (!response.headersSent) {
+                    if (!headersSent(response)) {
                         try {
                             response.headersSent = true;
                         } catch(err) {
@@ -1207,9 +1270,9 @@ function SuperController(options) {
                         }
                     }
                     if ( next ) {
-                        next()
+                        return next()
                     }
                     return;
                 }
             }
@@ -1239,7 +1302,7 @@ function SuperController(options) {
             local.res.setHeader('content-type', 'text/plain' + '; charset='+ local.options.conf.encoding);
         }
-        if ( !local.res.headersSent ) {
+        if ( !headersSent() ) {
             console.info(local.req.method +' ['+local.res.statusCode +'] '+ local.req.url);
             local.res.end(content);
             try {
@@ -1308,7 +1371,7 @@ function SuperController(options) {
      * Get data
      *
      * @param {String} variable Data name to set
-     * @returns {Object | String} data Data object or String
+     * @returns {Object | String} data Data object or String
      * */
     var get = function(variable) {
         return local.userData[variable]
@@ -1324,24 +1387,24 @@ function SuperController(options) {
             self.throwError(500, new Error('No views configuration found. Did you try to add views before using Controller::render(...) ? Try to run: gina view:add '+ options.conf.bundle +' @'+ options.conf.projectName));
             return;
         }
         var authority = ( typeof(local.req.headers['x-forwarded-proto']) != 'undefined' ) ? local.req.headers['x-forwarded-proto'] : local.options.conf.server.scheme;
         authority += '://'+ local.req.headers.host;
         var useWebroot = false;
         if ( !/^\/$/.test(local.options.conf.server.webroot) && local.options.conf.server.webroot.length > 0 && local.options.conf.hostname.replace(/\:\d+$/, '') == authority ) {
             useWebroot = true
         }
         var reURL = new RegExp('^'+ local.options.conf.server.webroot);
         var cssStr = '', jsStr = '';
         //Get css
         if( viewConf.stylesheets ) {
             cssStr  = getNodeRes('css', viewConf.stylesheets, useWebroot, reURL)
         }
         //Get js
-        if( viewConf.javascripts ) {
+        if( viewConf.javascripts ) {
             jsStr   = getNodeRes('js', viewConf.javascripts, useWebroot, reURL)
         }
@@ -1362,7 +1425,7 @@ function SuperController(options) {
      * @private
      * */
     var getNodeRes = function(type, resArr, useWebroot, reURL) {
         var r       = 0
             , rLen  = resArr.length
             , obj   = null
@@ -1370,7 +1433,7 @@ function SuperController(options) {
         ;
         switch(type){
             case 'css':
-                for (; r < rLen; ++r) {
+                for (; r < rLen; ++r) {
                     obj = resArr[r];
                     if (useWebroot && !reURL.test(obj.url) ) {
                         obj.url = local.options.conf.server.webroot + obj.url.substr(1);
@@ -1378,32 +1441,32 @@ function SuperController(options) {
                     // TODO - add support for cdn
                     if (!/\:\/\//.test(obj.url) ) {
                         obj.url = local.options.conf.hostname + obj.url;
-                    }
+                    }
                     if (obj.media)
-                        str += '\n\t\t<link href="'+ obj.url +'" media="'+ obj.media +'" rel="'+ obj.rel +'" type="'+ obj.type +'">';
+                        str += '\n\t\t<link href="'+ obj.url +'" media="'+ obj.media +'" rel="'+ obj.rel +'" type="'+ obj.type +'">';
                     else
-                        str += '\n\t\t<link href="'+ obj.url +'" rel="'+ obj.rel +'" type="'+ obj.type +'">';
+                        str += '\n\t\t<link href="'+ obj.url +'" rel="'+ obj.rel +'" type="'+ obj.type +'">';
                 }
                 return str;
             break;
             case 'js':
                 var deferMode = (local.options.template.javascriptsDeferEnabled) ? ' defer' : '';
                 for (; r < rLen; ++r) {
                     obj = resArr[r];
                     if (useWebroot && !reURL.test(obj.url) ) {
                         obj.url = local.options.conf.server.webroot + obj.url.substr(1);
                     }
-                    // TODO - add support for cdn
+                    // TODO - add support for cdn
                     if (!/\:\/\//.test(obj.url) ) {
                         obj.url = local.options.conf.hostname + obj.url;
                     }
-                    str += '\n\t\t<script'+ deferMode +' type="'+ obj.type +'" src="'+ obj.url +'"></script>'
+                    str += '\n\t\t<script'+ deferMode +' type="'+ obj.type +'" src="'+ obj.url +'"></script>'
                 }
                 return str;
             break;
         }
@@ -1419,17 +1482,17 @@ function SuperController(options) {
     var getData = function() {
         return refToObj( local.userData )
     }
     var isValidURL = function(url){
         var re = /(http|ftp|https|sftp):\/\/[\w-]+(\.[\w-]+)+([\w.,@?^=%&amp;:\/~+#-]*[\w@?^=%&amp;\/~+#-])?/;
         return (re.test(url)) ? true : false
     }
     /**
-     * Set method - Override current method
+     * Set method - Override current method
      * E.g.: in case of redirect, to force PUT to GET
-     *
+     *
      * @param {string} requestMethod - GET, POST, PUT, DELETE
      */
     var localRequestMethod = null, localRequestMethodParams = null;
@@ -1438,75 +1501,75 @@ function SuperController(options) {
         if ( /http\/2/i.test(conf.server.protocolShort) ) {
             local.req.headers[':method'] = local.req.method.toUpperCase()
         }
         localRequestMethod = local.req.method = local.req.routing.method = requestMethod.toUpperCase();
         local.res.setHeader('access-control-allow-methods', localRequestMethod);
-        return localRequestMethod;
+        return localRequestMethod;
     }
     this.getRequestMethod = function() {
         return localRequestMethod;
     }
     this.setRequestMethodParams = function(params) {
         localRequestMethodParams = local.req[local.req.method.toLowerCase()] = localRequestMethodParams = params
     }
     this.getRequestMethodParams = function() {
-        return (localRequestMethodParams) ? localRequestMethodParams : local.req[local.req.method.toLowerCase()]
+        return (localRequestMethodParams) ? localRequestMethodParams : local.req[local.req.method.toLowerCase()]
     }
     /**
      * isStaticRoute
      * Trying to determine if url is a `statics` ressource
-     *
+     *
      * @param {string} url
      * @param {string} method
-     *
+     *
      * @returns {boolean} isStaticRoute
      */
     var isStaticRoute = function(url, method, bundle, env, conf) {
         if ( !/get/i.test(method) ) {
             return false
         }
         // priority to statics - this portion of code has been duplicated to Server.js
         var staticsArr = conf[bundle][env].publicResources;
         var staticProps = {
             firstLevel          : '/' + url.split(/\//g)[1] + '/',
             // to be considered as a stativ content, url must content at least 2 caracters after last `.`: .js, .html are ok
             isStaticFilename    : /(\.([A-Za-z0-9]+){2}|\/)$/.test(url)
-        };
+        };
         // handle resources from public with webroot in url
         if ( staticProps.isStaticFilename && conf[bundle][env].server.webroot != '/' && staticProps.firstLevel == conf[bundle][env].server.webroot ) {
             var matchedFirstInUrl = url.replace(conf[bundle][env].server.webroot, '').match(/[A-Za-z0-9_-]+\/?/);
             if ( matchedFirstInUrl && matchedFirstInUrl.length > 0 ) {
                 staticProps.firstLevel = conf[bundle][env].server.webroot + matchedFirstInUrl[0]
-            }
+            }
         }
-        if (
-            staticProps.isStaticFilename && staticsArr.indexOf(url) > -1
-            || staticProps.isStaticFilename && staticsArr.indexOf( url.replace(url.substr(url.lastIndexOf('/')+1), '') ) > -1
+        if (
+            staticProps.isStaticFilename && staticsArr.indexOf(url) > -1
+            || staticProps.isStaticFilename && staticsArr.indexOf( url.replace(url.substr(url.lastIndexOf('/')+1), '') ) > -1
             || staticProps.isStaticFilename && staticsArr.indexOf(staticProps.firstLevel) > -1
         ) {
             return true
         }
         return false;
     }
     /**
      * redirect
      *
-     * TODO - improve redirect based on `utils.routing`
+     * TODO - improve redirect based on `lib.routing`
      * e.g.: self.redirect('project-get', { companyId: companyId, clientId: clientId, id: projectId }, true)
-     *
+     *
      * How to avoid redirect inside popin context
      * N.B.: When you are in a popin context, add an `id` to your template tag so it can be ignored by the default PopinHandler
      *    E.g.: id="delete-link" -> <a href="#" id="delete-link">delete</a>
@@ -1553,21 +1616,21 @@ function SuperController(options) {
      * `ignoreWebRoot` behaves the like set to `false` by default
      *
      * N.B.: Gina will tell browsers not to cache redirections if you are using `dev` environement
-     *
+     *
      * Trobleshouting:
      * ---------------
-     *
+     *
      * Redirecting to a popin from the controller while posting from a form
      *      If this does not work, like doing a real redirect, this
      *      only means that the ID you are using for the form might be
      *      a duplicate one from the the main document !!!
      *
-     * @param {object|string} req|rule - Request Object or Rule/Route name
+     * @param {object|string} req|rule|url - Request Object or Rule/Route name
      * @param {object|boolean} res|ignoreWebRoot - Response Object or Ignore WebRoot & start from domain root: /
      * @param {object} [params] TODO
      *
      * @callback [ next ]
-     * */
+     * */
     this.redirect = function(req, res, next) {
         var conf    = self.getConfig();
         var bundle  = conf.bundle;
@@ -1579,15 +1642,15 @@ function SuperController(options) {
         var ignoreWebRoot = null, isRelative = false;
         var originalUrl = null;
         var method = null;
-        var originalMethod = null;
+        var originalMethod = null;
         if ( typeof(req) === 'string' ) {
             // if ( typeof(res) == 'undefined') {
             //     // nothing to do
             //     ignoreWebRoot = false
-            // } else
-            if (typeof(res) === 'string' || typeof(res) === 'number' || typeof(res) === 'boolean') {
+            // } else
+            if (typeof(res) === 'string' || typeof(res) === 'number' || typeof(res) === 'boolean') {
                 if ( /true|1/.test(res) ) {
                     ignoreWebRoot = true
                 } else if ( /false|0/.test(res) ) {
@@ -1608,26 +1671,26 @@ function SuperController(options) {
                         ignoreWebRoot = false;
                     }
                 }
             }
             if ( req.substr(0,1) === '/') { // is relative (not checking if the URI is defined in the routing.json)
                 // if (wroot.substr(wroot.length-1,1) == '/') {
                 //     wroot = wroot.substr(wroot.length-1,1).replace('/', '')
                 // }
                 if ( /^\//.test(req) && !ignoreWebRoot )
                     req = req.substr(1);
                 rte             = ( ignoreWebRoot != null && ignoreWebRoot  ) ? req : wroot + req;
                 // cleaning url in case of ?param=value
-                originalUrl     = rte;
+                originalUrl     = rte;
                 rte             = rte.replace(/\?(.*)/, '');
                 req             = local.req;
-                originalMethod = ( typeof(req.originalMethod) != 'undefined') ? req.originalMethod :  req.method;
-                console.debug('[ BUNDLE ][ '+ local.options.conf.bundle +' ][ Controller ] trying to get route: ', rte, bundle, req.method);
-                if ( !ignoreWebRoot || !isStaticRoute(rte, req.method, bundle, env, ctx.config.envConf) && !ignoreWebRoot ) {
+                originalMethod = ( typeof(req.originalMethod) != 'undefined') ? req.originalMethod :  req.method;
+                console.debug('[ BUNDLE ][ '+ local.options.conf.bundle +' ][ Controller ] trying to get route: ', rte, bundle, req.method);
+                if ( !ignoreWebRoot || !isStaticRoute(rte, req.method, bundle, env, ctx.config.envConf) && !ignoreWebRoot ) {
                     req.routing     = lib.routing.getRouteByUrl(rte, bundle, req.method, req);
                     // try alternative method
                     if (!req.routing) {
@@ -1637,7 +1700,7 @@ function SuperController(options) {
                             method = req.method = 'GET'
                         }
                     }
                     //route = route = req.routing.name;
                 } else {
                     req.routing = {
@@ -1646,59 +1709,59 @@ function SuperController(options) {
                         }
                     }
                 }
                 res             = local.res;
                 next            = local.next;
                 isRelative      = true;
                 req.routing.param.path = rte
             } else if ( isValidURL(req) ) { // might be an URL
                 rte             = req;
-                originalUrl     = rte;
+                originalUrl     = rte;
                 rte             = rte.replace(/\?(.*)/, '');
                 req     = local.req;
                 res     = local.res;
                 next    = local.next;
                 req.routing.param.url = rte
             } else { // is by default a route name
                 if ( /\@/.test(req) ) {
                     var rteArr = req.split(/\//);
                     if ( typeof(rteArr[1]) != 'undefined' )
                         env = rteArr[1];
                     rte = route = rteArr[0];
                     rteArr = rteArr[0].split(/\@/);
                     bundle = rteArr[1];
                 } else {
                     rte = route = ( new RegExp('^/'+conf.bundle+'-$').test(req) ) ? req : wroot.match(/[^/]/g).join('') +'-'+ req;
                 }
                 req     = local.req;
                 res     = local.res;
                 next    = local.next;
                 req.routing.param.route = routing[rte]
-            }
+            }
         } else {
-            route = req.routing.param.route;
+            route = req.routing.param.route;
         }
         if ( !originalMethod ) {
             originalMethod = ( typeof(req.originalMethod) != 'undefined') ? req.originalMethod :  req.method;
         }
-        var path        = originalUrl || req.routing.param.path || '';
+        var path        = originalUrl || req.routing.param.path || '';
         var url         = req.routing.param.url;
-        var code        = req.routing.param.code || 301;
+        var code        = req.routing.param.code || 301;
-        var keepParams  = req.routing.param['keep-params'] || false;
+        var keepParams  = req.routing.param['keep-params'] || false;
         var condition   = true; //set by default for url @ path redirect
@@ -1710,20 +1773,20 @@ function SuperController(options) {
             var isProxyHost = ( typeof(local.req.headers.host) != 'undefined' && local.options.conf.server.scheme +'://'+ local.req.headers.host != local.options.conf.hostname || typeof(local.req.headers[':authority']) != 'undefined' && local.options.conf.server.scheme +'://'+ local.req.headers[':authority'] != local.options.conf.hostname  ) ? true : false;
             var hostname = (isProxyHost) ? ctx.config.envConf[bundle][env].hostname.replace(/\:\d+$/, '') : ctx.config.envConf[bundle][env].hostname;
             // if ( !/\:\d+$/.test(req.headers.host) )
             //     hostname = hostname.replace(/\:\d+$/, '');
             if (route) { // will go with route first
                 if ( /\,/.test(routing[route].url) ) {
                     var paths = routing[route].url.split(/\,/g);
                     path = (ignoreWebRoot) ? paths[0].replace(wroot, '') : paths[0];
                 } else {
                     path = (ignoreWebRoot) ? routing[route].url.replace(wroot, '') : routing[route].url;
                 }
-                if (bundle != conf.bundle) {
+                if (bundle != conf.bundle) {
                     path = hostname + path;
                 }
             } else if (url && !path) {
@@ -1737,59 +1800,60 @@ function SuperController(options) {
             // nothing to do, just ignoring
             //} else {
             } else if ( !path && typeof(isRelative) ==  'undefined' ) {
                 path = hostname + path
                 //path = local.req.headers.host + path
             }
-            if (!local.res.headersSent) {
+            if (!headersSent()) {
                 // backing up oldParams
                 var oldParams = local.req[originalMethod.toLowerCase()];
-                var requestParams = req[req.method.toLowerCase()] || {};
+                var requestParams = req[req.method.toLowerCase()] || {};
                 if ( typeof(requestParams) != 'undefined' && typeof(requestParams.error) != 'undefined' ) {
                     var redirectError = requestParams.error;
                     self.throwError(requestParams.error);
                     return;
                 }
-                if (
-                    !/GET/i.test(req.method)
-                    ||
-                    originalMethod && !/GET/i.test(originalMethod)
-                ) { // trying to redirect using the wrong method ?
+                if (
+                    !/GET/i.test(req.method)
+                    ||
+                    originalMethod && !/GET/i.test(originalMethod)
+                ) { // trying to redirect using the wrong method ?
                     console.warn(new Error('Your are trying to redirect using the wrong method: `'+ req.method+'`.\nThis can often occur while redirecting from a controller to another controller or from a bundle to another.\nA redirection is not permitted in this scenario.\nD\'ont panic :)\nSwitching request method to `GET` method instead.\n').message);
                     method = local.req.method = self.setRequestMethod('GET', conf);
-                    code = 303;
+                    code = 303;
                 }
+                var inheritedDataIsNeeded = ( req.method.toLowerCase() == originalMethod.toLowerCase() ) ? false: true;
                 // merging new & olds params
                 requestParams = merge(requestParams, oldParams);
                 // remove session to prevent reaching the 2000 chars limit
                 // if you need the session, you need to find another way to retrieve while in the next route
-                if ( typeof(requestParams.session) != 'undefined' ) {
+                if ( typeof(requestParams.session) != 'undefined' ) {
                     delete requestParams.session;
                 }
-                if ( typeof(requestParams) != 'undefined' && requestParams.count() > 0 ) {
+                if ( typeof(requestParams) != 'undefined' && requestParams.count() > 0 ) {
                     //if ( typeof(requestParams.error) != 'undefined' )
                     var inheritedData = null;
                     if ( /\?/.test(path) ) {
-                        inheritedData = '&inheritedData='+ encodeURIComponent(JSON.stringify(requestParams));
+                        inheritedData = '&inheritedData='+ encodeRFC5987ValueChars(JSON.stringify(requestParams));
                     } else {
-                        inheritedData = '?inheritedData='+ encodeURIComponent(JSON.stringify(requestParams));
-                    }
+                        inheritedData = '?inheritedData='+ encodeRFC5987ValueChars(JSON.stringify(requestParams));
+                    }
                     if ( inheritedData.length > 2000 ) {
                         var error = new ApiError('Controller::redirect(...) exceptions: `inheritedData` reached 2000 chars limit', 424);
                         self.throwError(error);
                         return;
                     }
                     // if redirecting from a xhrRequest
                     if ( self.isXMLRequest() ) {
                         // `requestParams` should be stored in the session to avoid passing datas in clear
@@ -1803,21 +1867,26 @@ function SuperController(options) {
                                 redirectObj.location += inheritedData;
                             }
                         }
                         self.renderJSON(redirectObj);
                         return;
                     }
-                    path += inheritedData;
-                }
+                    if (inheritedDataIsNeeded) {
+                        path += inheritedData;
+                    }
+                }
                 var ext = 'html';
                 res.setHeader('content-type', local.options.conf.server.coreConfiguration.mime[ext]);
-                if (
-                    typeof(local.res._headers) != 'undefined'
-                    && typeof(local.res._headers['access-control-allow-methods']) != 'undefined'
-                    && local.res._headers['access-control-allow-methods'] != req.method
+                var resHeaderACAM = res.getHeader('access-control-allow-methods');
+                if (
+                    // typeof(local.res._headers) != 'undefined'
+                    // && typeof(local.res._headers['access-control-allow-methods']) != 'undefined'
+                    // && local.res._headers['access-control-allow-methods'] != req.method
+                    typeof(resHeaderACAM) != 'undefined'
+                    && resHeaderACAM != req.method
                     ||
                     !new RegExp(req.method, 'i').test( res.getHeader('access-control-allow-methods') )
                 ) {
@@ -1825,11 +1894,11 @@ function SuperController(options) {
                 }
                 //path += '?query='+ JSON.stringify(self.getRequestMethodParams());
                 local.req[req.method.toLowerCase()] = self.getRequestMethodParams() || {};
                 var headInfos = {
-                    'location': path
-                };
+                    'location': path
+                };
                 if (self.isCacheless()) {
                     res.writeHead(code, merge(headInfos, {
                         'cache-control': 'no-cache, no-store, must-revalidate', // preventing browsers from using cache
@@ -1838,24 +1907,26 @@ function SuperController(options) {
                     }))
                 } else {
                     res.writeHead(code, headInfos)
-                }
-                // in case of query from another bundle waiting for a response
-                var redirectObject = JSON.stringify({ status: code, headers: headInfos });
-                res.end(redirectObject);
+                }
+                // in case of query from another bundle waiting for a response
+                var redirectObject = JSON.stringify({ status: code, headers: headInfos });
                 try {
+                    res.end(redirectObject);
                     local.res.headersSent = true;// done for the render() method
                 } catch(err){
                     // ignoring the warning
+                    // console.warn(err.stack);
                 }
                 console.info(local.req.method.toUpperCase() +' ['+code+'] '+ path);
                 if ( typeof(next) != 'undefined' )
                     next();
                 else
                     return;
             }
         }
     }
@@ -1896,16 +1967,19 @@ function SuperController(options) {
                 })
         }
     }
     this.getBundleStatus = function(req, res, next) {
+        var conf = self.getConfig();
         self.renderJSON({
             status: 200,
             isAlive: true,
-            message: 'I am alive !'
+            message: 'I am alive !',
+            // bundle: conf.bundle,
+            // project: conf.projectName
         });
     }
-    this.checkBundleStatus = async function(bundle, cb) {
+    this.checkBundleStatus = async function(bundle, cb) {
         var opt     = self.getConfig('app').proxy[bundle];
         var route   = lib.routing.getRoute('bundle-status@'+bundle);
         opt.method  = 'GET';
@@ -1915,29 +1989,35 @@ function SuperController(options) {
             .then( function onQueryResponse(_status) {
                 response = _status
             });
         if (cb) {
             cb(error, response);
         } else {
             return response;
         }
     }
     /**
      * downloadFromURL
      * Download from an URL
      *  - attachment/inline
      *  OR
-     *  - locally: `Controller.store(target, cb)` must be called to store on `onComplete` event
-     *
+     *  - locally: `Controller.store(target, cb)` must be called to store on `onComplete` event
+     *
+     *      - Will trigger on frontend : Failed to load resource: Frame load interrupted
+     *        because there is no `res.end()`: whitch is normal, we want to stay on the referrer page
+     *
+     *      - To avoid this, add to your download link the attribute `data-gina-link`
+     *        This will convert the regular HTTP Request to an XML Request
+     *
      * @param {string} url - eg.: https://upload.wikimedia.org/wikipedia/fr/2/2f/Firefox_Old_Logo.png
      * @param {object} [options]
-     *
-     *
+     *
+     *
      * */
     this.downloadFromURL = function(url, options) {
-        var defaultOptions = {
+        var defaultOptions = {
             // file name i  you want to rename the file
             file: null,
             fileSize: null,
@@ -1947,7 +2027,7 @@ function SuperController(options) {
             contentDisposition: 'attachment',
             // content-type (https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Configuring_server_MIME_types)
             contentType: 'application/octet-stream',
             agent: false,
             // set to false to ignore certificate verification
             rejectUnauthorized: true,
@@ -1957,9 +2037,9 @@ function SuperController(options) {
             keepAlive: true,
             headers: {}
         };
         var opt = ( typeof(options) != 'undefined' ) ? merge(options, defaultOptions) : defaultOptions;
         var requestOptions = {};
         for (var o in opt) {
             if ( !/(toLocalDir|contentDisposition|contentType|file)/.test(o) )
@@ -1968,130 +2048,135 @@ function SuperController(options) {
         // defining protocol & scheme
         var protocol    = null;
-        var scheme      = null;
+        var scheme      = null;
         if ( /\:\/\//.test(url) ) {
             scheme = url.match(/^\w+\:/)[0];
             scheme = scheme.substr(0, scheme.length-1);
             if ( !/^http/.test(scheme) ) {
                 self.throwError(local.res, 500, new Error('[ '+ scheme +' ] Scheme not supported. Ref.: `http` or `https` only'));
                 return;
             }
         } else { // by default
             scheme = 'http';
         }
         requestOptions.scheme = scheme +':';
         //defining port
         var port = url.match(/\:\d+\//) || null;
         if ( port != null ) {
             port = port[0].substr(1, port[0].length-2);
-            requestOptions.port = ~~port;
+            requestOptions.port = ~~port;
         }
         // defining hostname & path
         var parts = url.replace(new RegExp( scheme + '\:\/\/'), '').split(/\//g);
         requestOptions.host = parts[0].replace(/\:\d+/, '');
         requestOptions.path = '/' + parts.splice(1).join('/');
         // extension and mime
-        var filename    = url.split(/\//g).pop();
+        var filename    = url.split(/\//g).pop();
         if (!filename) {
             self.throwError(local.res, 500, new Error('Filename not found in url: `'+ url +'`'));
             return;
         }
         if ( !/\.\w+$/.test(filename) ) {
             self.throwError(local.res, 500, new Error('[ '+ filename +' ] extension not found.'));
             return;
         }
         // filename renaming
         if (opt.file)
             filename = opt.file;
         if ( opt.contentDisposition == 'attachment') {
             opt.contentDisposition += '; filename=' + filename;
         }
         var ext             = filename.match(/\.\w+$/)[0].substr(1)
             , contentType   = null
             , tmp           = _(GINA_TMPDIR +'/'+ filename, true)
         ;
         if ( typeof(local.options.conf.server.coreConfiguration.mime[ext]) != 'undefined' ) {
             contentType = (opt.contentType != defaultOptions.contentType) ? opt.contentType : local.options.conf.server.coreConfiguration.mime[ext];
         } else { // extension not supported
             self.throwError(local.res, 500, new Error('[ '+ ext +' ] Extension not supported. Ref.: gina/core mime.types'));
             return;
         }
         // defining responseType
         requestOptions.headers['content-type'] = contentType;
         requestOptions.headers['content-disposition'] = opt.contentDisposition;
         var browser = require(''+ scheme);
         //console.debug('requestOptions: \n', JSON.stringify(requestOptions, null, 4));
-        browser.get(requestOptions, function(response) {
-            local.res.setHeader('content-type', contentType + '; charset='+ local.options.conf.encoding);
-            local.res.setHeader('content-disposition', opt.contentDisposition);
-            if (opt.fileSize) {
-                local.res.setHeader('content-length', opt.fileSize);
-            }
-            //local.res.setHeader('content-length', opt.fileSize);
-            // local.res.setHeader('cache-control', 'must-revalidate');
-            // local.res.setHeader('pragma', 'must-revalidate');
-            // response.on('end', function onResponsePipeEnd(){
-            //     self.renderJSON({ url: url});
-            //     //local.res.end( Buffer.from(data) );
-            //     //local.res.headersSent = true;
-            //     // if ( typeof(local.next) != 'undefined')
-            //     //     local.next();
-            //     // else
-            //     //     return;
-            // });
-            response.pipe(local.res);
-        });
-        return;
+        browser
+            .get(requestOptions, function(response) {
+                local.res.setHeader('content-type', contentType + '; charset='+ local.options.conf.encoding);
+                local.res.setHeader('content-disposition', opt.contentDisposition);
+                if (opt.fileSize) {
+                    local.res.setHeader('content-length', opt.fileSize);
+                }
+                //local.res.setHeader('content-length', opt.fileSize);
+                // local.res.setHeader('cache-control', 'must-revalidate');
+                // local.res.setHeader('pragma', 'must-revalidate');
+                response.pipe(local.res);
+            })
+            .on('error', function onDownloadError(err) {
+                self.throwError(local.res, 500, err);
+            });
+        // Will trigger on frontend : Failed to load resource: Frame load interrupted
+        // because there is no `res.end()`: whitch is normal, we want to stay on the referrer page
+        // To avoid this, add to your download link the attribute `data-gina-link`
+        // This will convert the regular HTTP Request to an XML Request
     }
     /**
      * Download to targeted filename.ext - Will create target if new
      * Use `cb` callback or `onComplete` event
      *
+     *      - Will trigger on frontend : Failed to load resource: Frame load interrupted
+     *        because there is no `res.end()`: whitch is normal, we want to stay on the referrer page
+     *
+     *      - To avoid this, add to your download link the attribute `data-gina-link`
+     *        This will convert the regular HTTP Request to an XML Request
+     *
      * @param {string} filename
      * @param {object} options
      **/
     this.downloadFromLocal = function(filename) {
-        var file            = filename.split(/\//g).pop();
+        var file            = filename.split(/\//g).pop();
         var ext             = file.split(/\./g).pop()
             , contentType   = null
         ;
         if ( typeof(local.options.conf.server.coreConfiguration.mime[ext]) != 'undefined' ) {
             contentType = local.options.conf.server.coreConfiguration.mime[ext];
             local.res.setHeader('content-type', contentType);
-            local.res.setHeader('content-disposition', 'attachment; filename=' + file);
+            local.res.setHeader('content-disposition', 'attachment; filename=' + file);
             var filestream = fs.createReadStream(filename);
             filestream.pipe(local.res);
@@ -2099,7 +2184,7 @@ function SuperController(options) {
         } else { // extension not supported
             self.throwError(local.res, 500, new Error('[ '+ ext +' ] Extension not supported. Ref.: gina/core mime.types'));
             return;
-        }
+        }
     }
@@ -2122,17 +2207,17 @@ function SuperController(options) {
      * */
     this.store = async function(target, files, cb) {
         var start = function(target, files, cb) {
             if (arguments.length == 2 && typeof(arguments[1]) == 'function' ) {
                 var cb = arguments[1];
             }
             if ( typeof(files) == 'undefined' || typeof(files) == 'function' ) {
                 files = local.req.files
             }
             var uploadedFiles = [];
             if ( typeof(files) == 'undefined' || files.count() == 0 ) {
@@ -2155,25 +2240,25 @@ function SuperController(options) {
                         self.emit('uploaded', folder)
                     }
                 } else {
-                    // files list
-                    var fileName = null;
+                    // files list
+                    var fileName = null;
                     for (var len = files.length; i < len; ++i ){
-                        fileName = files[i].filename || files[i].originalFilename
+                        fileName = files[i].filename || files[i].originalFilename
                         list[i] = {
                             source: files[i].path,
                             target: _(uploadDir.toString() + '/' + fileName)
                         };
-                        uploadedFiles[i] = {
+                        uploadedFiles[i] = {
                             file        : fileName,
-                            filename    : list[i].target,
+                            filename    : list[i].target,
                             size        : files[i].size,
                             type        : files[i].type,
                             encoding    : files[i].encoding
                         };
                     }
                     movefiles(0, local.res, list, function (err) {
@@ -2279,7 +2364,7 @@ function SuperController(options) {
             } while (cert.fingerprint256 !== lastprint256);
         }*/
     };
     this.query = function() { // options, data, callback
@@ -2293,7 +2378,7 @@ function SuperController(options) {
             data = arguments[arguments.length-1]
         }
         // preventing multiple call of self.query() when controller is rendering from another required controller
-        if (
+        if (
             typeof(local.options) != 'undefined'
             && typeof(local.options.renderingStack) != 'undefined'
             && local.options.renderingStack.length > 1
@@ -2301,22 +2386,23 @@ function SuperController(options) {
             return false
         }
         self.isProcessingError = false; // by default
         var queryData           = {}
             , defaultOptions    = local.query.options
             , path              = options.path
-            , browser           = null
+            , browser           = null
         ;
         // options must be used as a copy in case of multiple calls of self.query(options, ...)
         options = merge(JSON.clone(options), defaultOptions);
+        // options = merge(options, defaultOptions);
         for (var o in options) {//cleaning
             if ( typeof(options[o]) == 'undefined' || options[o] == undefined) {
                 delete options[o]
             }
         }
         if (self.isCacheless() || self.isLocalScope() ) {
             options.rejectUnauthorized = false;
         }
@@ -2329,23 +2415,14 @@ function SuperController(options) {
             self.emit('query#complete', err)
         }
-        // if (arguments.length <3) {
-        //     if ( typeof(data) == 'function') {
-        //         var callback = data;
-        //         var data = undefined;
-        //     } else {
-        //         callback = undefined;
-        //     }
-        // }
         if ( typeof(data) != 'undefined' &&  data.count() > 0) {
             queryData = '?';
             // TODO - if 'application/json' && method == (put|post)
             if ( ['put', 'post'].indexOf(options.method.toLowerCase()) >-1 && /(text\/plain|application\/json|application\/x\-www\-form)/i.test(options.headers['content-type']) ) {
                 // replacing
-                queryData = encodeURIComponent(JSON.stringify(data))
+                queryData = encodeRFC5987ValueChars(JSON.stringify(data))
                 //queryData = JSON.stringify(data)
             } else {
@@ -2357,12 +2434,12 @@ function SuperController(options) {
                     if ( typeof(tmpData[d]) == 'object') {
                         tmpData[d] = JSON.stringify(tmpData[d]);
                     }
-                    queryData += d + '=' + encodeURIComponent(tmpData[d]) + '&';
+                    queryData += d + '=' + encodeRFC5987ValueChars(tmpData[d]) + '&';
                 }
                 queryData = queryData.substring(0, queryData.length-1);
                 queryData = queryData.replace(/\s/g, '%20');
                 options.path += queryData;
             }
@@ -2370,7 +2447,7 @@ function SuperController(options) {
             queryData = ''
         }
         // Internet Explorer override
         if ( local.req != null && /msie/i.test(local.req.headers['user-agent']) ) {
             options.headers['content-type'] = 'text/plain';
@@ -2389,7 +2466,7 @@ function SuperController(options) {
         //you need this, even when empty.
         options.headers['content-length'] = queryData.length;
         // adding gina headers
         if ( local.req != null && typeof(local.req.ginaHeaders) != 'undefined' ) {
             // gina form headers
@@ -2405,7 +2482,7 @@ function SuperController(options) {
         ;
         // cleanup options.path
         if (/\:\/\//.test(options.path)) {
             var hArr    = options.path.split(/^(https|http)\:\/\//);
             var domain  = hArr[1] +'://';
             var host    = hArr[2].split(/\//)[0];
@@ -2417,72 +2494,84 @@ function SuperController(options) {
                                 .replace(options.host, '')
                                 .replace(':'+port, '');
         }
         // retrieve protocol & scheme: if empty, take the bundles protocol
         protocol    = options.protocol || ctx.gina.config.envConf[ctx.bundle][ctx.env].server.protocol;// bundle servers's protocol by default
         protocol    = protocol.match(/[.a-z 0-9]+/ig)[0];
         scheme      = options.scheme || ctx.gina.config.envConf[ctx.bundle][ctx.env].server.scheme;// bundle servers's scheme by default
         scheme      = scheme.match(/[a-z 0-9]+/ig)[0];
+        // retrieve credentials
+        if ( typeof(options.ca) == 'undefined' || ! options.ca ) {
+            options.ca  = ctx.gina.config.envConf[ctx.bundle][ctx.env].server.credentials.ca;
+        }
         //retrieving dynamic host, hostname & port
         if ( /\@/.test(options.hostname) ) {
             var bundle = ( options.hostname.replace(/(.*)\:\/\//, '') ).split(/\@/)[0];
             // No shorcut possible because conf.hostname might differ from user inputs
             options.host        = ctx.gina.config.envConf[bundle][ctx.env].host.replace(/(.*)\:\/\//, '').replace(/\:\d+/, '');
             options.hostname    = ctx.gina.config.envConf[bundle][ctx.env].hostname;
             options.port        = ctx.gina.config.envConf[bundle][ctx.env].server.port;
             options.protocol    = ctx.gina.config.envConf[bundle][ctx.env].server.protocol;
             options.scheme      = ctx.gina.config.envConf[bundle][ctx.env].server.scheme;
+            // retrieve credentials
+            if ( typeof(options.ca) == 'undefined' || ! options.ca ) {
+                options.ca = ctx.gina.config.envConf[bundle][ctx.env].server.credentials.ca;
+            }
             // might be != from the bundle requesting
-            //options.protocol    = ctx.gina.config.envConf[bundle][ctx.env].content.settings.server.protocol || ctx.gina.config.envConf[bundle][ctx.env].server.protocol;
-            //options.scheme    = ctx.gina.config.envConf[bundle][ctx.env].content.settings.server.scheme || ctx.gina.config.envConf[bundle][ctx.env].server.scheme;
+            //options.protocol    = ctx.gina.config.envConf[bundle][ctx.env].content.settings.server.protocol || ctx.gina.config.envConf[bundle][ctx.env].server.protocol;
+            //options.scheme    = ctx.gina.config.envConf[bundle][ctx.env].content.settings.server.scheme || ctx.gina.config.envConf[bundle][ctx.env].server.scheme;
         }
         if ( typeof(options.protocol) == 'undefined' ) {
             options.protocol = protocol
         }
         if ( typeof(options.scheme) == 'undefined' ) {
             options.scheme = scheme
         }
         // reformating scheme
         if( !/\:$/.test(options.scheme) )
             options.scheme += ':';
-        try {
-            options.queryData = queryData;
+        try {
+            options.queryData = queryData;
             var protocolVersion = ~~options.protocol.match(/\/(.*)$/)[1].replace(/\.\d+/, '');
             var httpLib =  options.protocol.match(/^(.*)\//)[1] + ( (protocolVersion >= 2) ? protocolVersion : '' );
             if ( !/http2/.test(httpLib) && /https/.test(options.scheme) ) {
                 httpLib += 's';
             }
-            browser = require(''+ httpLib);
+            browser = require(''+ httpLib);
             if ( /http2/.test(httpLib) ) {
                 return handleHTTP2ClientRequest(browser, options, callback);
             } else {
-                return handleHTTP1ClientRequest(browser, options, callback);
-            }
+                return handleHTTP1ClientRequest(browser, options, callback);
+            }
         } catch(err) {
             if (callback) {
                 return callback(err)
             }
             self.emit('query#complete', err)
         }
     }
     var handleHTTP1ClientRequest = function(browser, options, callback) {
         var altOpt = JSON.clone(options);
         altOpt.protocol = options.scheme;
         altOpt.hostname = options.host;
         altOpt.port     = options.port;
@@ -2492,24 +2581,24 @@ function SuperController(options) {
             } catch(err) {
                 self.emit('query#complete', err);
             }
         } else {
             console.warn('[ CONTROLLER ][ HTTP/1.0#query ] options.encKey not found !');
         }
         if ( typeof(altOpt.encCert) != 'undefined' ) {
             try {
                 altOpt.encCert = fs.readFileSync(options.encCert);
             } catch(err) {
                 self.emit('query#complete', err);
             }
         } else {
             console.warn('[ CONTROLLER ][ HTTP/1.0#query ] options.encCert not found !');
         }
         altOpt.agent = new browser.Agent(altOpt);
         var req = browser.request(altOpt, function(res) {
             res.setEncoding('utf8');
@@ -2526,24 +2615,24 @@ function SuperController(options) {
             });
             res.on('end', function onEnd(err) {
                 // exceptions filter
                 if ( typeof(data) == 'string' && /^Unknown ALPN Protocol/.test(data) ) {
                     err = {
                         status: 500,
                         error: new Error(data)
                     };
                     if ( typeof(callback) != 'undefined' ) {
                         callback(err)
                     } else {
                         self.emit('query#complete', err)
                     }
                     return
                 }
                 //Only when needed.
                 if ( typeof(callback) != 'undefined' ) {
                     if ( typeof(data) == 'string' && /^(\{|%7B|\[{)|\[\]/.test(data) ) {
@@ -2573,7 +2662,7 @@ function SuperController(options) {
                         exception.status = 500;
                         self.throwError(exception);
                         return;
-                    }
+                    }
                 } else {
                     if ( typeof(data) == 'string' && /^(\{|%7B|\[{)|\[\]/.test(data) ) {
@@ -2600,14 +2689,14 @@ function SuperController(options) {
         //starting from from >0.10.15
         req.on('error', function onError(err) {
             if (
-                typeof(err.code) != 'undefined' && /ECONNREFUSED|ECONNRESET/.test(err.code)
-                || typeof(err.cause) != 'undefined' && typeof(err.cause.code) != 'undefined' &&  /ECONNREFUSED|ECONNRESET/.test(err.cause.code)
+                typeof(err.code) != 'undefined' && /ECONNREFUSED|ECONNRESET/.test(err.code)
+                || typeof(err.cause) != 'undefined' && typeof(err.cause.code) != 'undefined' &&  /ECONNREFUSED|ECONNRESET/.test(err.cause.code)
             ) {
-                var port = getContext('gina').ports[options.protocol][options.scheme.replace(/\:/, '')][ options.port ];//err.port || err.cause.port
+                var port = getContext('gina').ports[options.protocol][options.scheme.replace(/\:/, '')][ options.port ];//err.port || err.cause.port
                 if ( typeof(port) != 'undefined' ) {
                     err.accessPoint = port;
                     err.message = '`Controller::query()` could not connect to [ ' + err.accessPoint + ' ] using port '+options.port+'.\n';
@@ -2626,7 +2715,7 @@ function SuperController(options) {
             } else {
                 var error = {
                     status    : 500,
-                    error     : err.stack || err.message
+                    error     : err.stack || err.message
                 };
                 self.emit('query#complete', error)
@@ -2667,30 +2756,30 @@ function SuperController(options) {
                         exception.status = 500;
                         self.throwError(exception);
                         return;
-                    }
+                    }
                 })
             }
         }
     }
     var handleHTTP2ClientRequest = function(browser, options, callback) {
-        //cleanup
+        //cleanup
         options[':authority'] = options.hostname;
         delete options.host;
         if ( typeof(options[':path']) == 'undefined' ) {
             options[':path'] = options.path;
             delete options.path;
-        }
+        }
         if ( typeof(options[':method']) == 'undefined' ) {
             options[':method'] = options.method.toUpperCase();
             delete options.method;
         }
-        // only if binary !!
+        // only if binary !!
         // if ( typeof(options['content-length']) == 'undefined' ) {
         //     options['content-length'] = options.headers['content-length'] ;
         //     delete options.headers['content-length'];
@@ -2699,11 +2788,11 @@ function SuperController(options) {
         //     options['content-type'] = options.headers['content-type'] ;
         //     delete options.headers['content-type'];
         // }
         if ( typeof(options[':scheme']) == 'undefined' ) {
             options[':scheme'] = options.scheme ;
         }
         if ( typeof(options.ca) != 'undefined' ) {
             try {
                 options.ca = fs.readFileSync(options.ca);
@@ -2713,58 +2802,58 @@ function SuperController(options) {
                 } else {
                     self.emit('query#complete', err);
                 }
                 return;
             }
         } else {
             console.warn('[ CONTROLLER ][ HTTP/2.0#query ] options.ca not found !');
         }
         var body = Buffer.from(options.queryData);
-        options.headers['content-length'] = body.length;
+        options.headers['content-length'] = body.length;
         delete options.queryData;
-        const client = browser.connect(options.hostname, options);
+        const client = browser.connect(options.hostname, options);
         const {
             HTTP2_HEADER_PROTOCOL,
-            HTTP2_HEADER_SCHEME,
+            HTTP2_HEADER_SCHEME,
             HTTP2_HEADER_AUTHORITY,
             HTTP2_HEADER_PATH,
             HTTP2_HEADER_METHOD,
             HTTP2_HEADER_STATUS
           } = browser.constants;
         if ( typeof(local.req.headers['x-requested-with']) != 'undefined' ) {
             options.headers['x-requested-with'] = local.req.headers['x-requested-with']
         }
         if ( typeof(local.req.headers['access-control-allow-credentials']) != 'undefined' ) {
             options.headers['access-control-allow-credentials'] = local.req.headers['access-control-allow-credentials']
         }
         if ( typeof(local.req.headers['content-type']) != 'undefined' && local.req.headers['content-type'] != options.headers['content-type'] ) {
             options.headers['content-type'] = local.req.headers['content-type']
         }
-        var headers = merge({
+        var headers = merge({
             [HTTP2_HEADER_METHOD]: options[':method'],
-            [HTTP2_HEADER_PATH]: options[':path']
+            [HTTP2_HEADER_PATH]: options[':path']
         }, options.headers);
         // merging with user options
         for (var o in options) {
             if (!/^\:/.test(o) && !/headers/.test(o) && typeof(headers[o]) == 'undefined' ) {
                 headers[o] = options[o]
             }
         }
         /**
          * sessionOptions
          * endStream <boolean> true if the Http2Stream writable side should be closed initially, such as when sending a GET request that should not expect a payload body.
@@ -2778,55 +2867,55 @@ function SuperController(options) {
             endStream = false;
             sessionOptions.endStream = endStream;
         }
         client.on('error', (error) => {
             console.error( '`'+ options[':path']+ '` : '+ error.stack||error.message);
-            if (
-                typeof(error.cause) != 'undefined' && typeof(error.cause.code) != 'undefined' && /ECONNREFUSED|ECONNRESET/.test(error.cause.code)
-                || /ECONNREFUSED|ECONNRESET/.test(error.code)
+            if (
+                typeof(error.cause) != 'undefined' && typeof(error.cause.code) != 'undefined' && /ECONNREFUSED|ECONNRESET/.test(error.cause.code)
+                || /ECONNREFUSED|ECONNRESET/.test(error.code)
             ) {
                 var port = getContext('gina').ports[options.protocol][options.scheme.replace(/\:/, '')][ options.port ];
                 if ( typeof(port) != 'undefined' ) {
                     error.accessPoint = port;
                     error.message = 'Could not connect to [ ' + error.accessPoint + ' ].\nThe `'+port.split(/\@/)[0]+'` bundle is offline or unreachable.\n';
-                }
+                }
             }
             self.throwError(error);
             return;
         });
         client.on('connect', () => {
             var req = client.request( headers, sessionOptions );
-            // req.on('response', function onQueryResponse(headers, flags) {
+            // req.on('response', function onQueryResponse(headers, flags) {
             //     for (const name in headers) {
             //         console.debug(`${name}: ${headers[name]}`);
             //     }
             // });
             req.setEncoding('utf8');
             var data = '';
-            req.on('data', function onQueryDataChunk(chunk) {
-                data += chunk;
+            req.on('data', function onQueryDataChunk(chunk) {
+                data += chunk;
             });
             req.on('error', function onQueryError(error) {
-                if (
-                    typeof(error.cause) != 'undefined' && typeof(error.cause.code) != 'undefined' && /ECONNREFUSED|ECONNRESET/.test(error.cause.code)
-                    || /ECONNREFUSED|ECONNRESET/.test(error.code)
+                if (
+                    typeof(error.cause) != 'undefined' && typeof(error.cause.code) != 'undefined' && /ECONNREFUSED|ECONNRESET/.test(error.cause.code)
+                    || /ECONNREFUSED|ECONNRESET/.test(error.code)
                 ) {
                     var port = getContext('gina').ports[options.protocol][options.scheme.replace(/\:/, '')][ options.port ];
                     if ( typeof(port) != 'undefined' ) {
                         error.accessPoint = port;
                         error.message = 'Could not connect to [ ' + error.accessPoint + ' ].\n' + error.message;
-                    }
+                    }
                 }
@@ -2834,7 +2923,7 @@ function SuperController(options) {
                 // you can get here if :
                 //  - you are trying to query using: `enctype="multipart/form-data"`
                 //  - server responded with an error
-                if ( typeof(callback) != 'undefined' ) {
+                if ( typeof(callback) != 'undefined' ) {
                     callback(error);
                 } else {
                     error = {
@@ -2844,28 +2933,28 @@ function SuperController(options) {
                     self.emit('query#complete', error)
                 }
                 return;
             });
-            req.on('end', function onEnd() {
+            req.on('end', function onEnd() {
                 // exceptions filter
                 if ( typeof(data) == 'string' && /^Unknown ALPN Protocol/.test(data) ) {
                     var err = {
                         status: 500,
                         error: new Error(data)
                     };
                     if ( typeof(callback) != 'undefined' ) {
                         callback(err)
                     } else {
                         self.emit('query#complete', err)
                     }
                     return
                 }
                 //Only when needed.
                 if ( typeof(callback) != 'undefined' ) {
                     if ( typeof(data) == 'string' && /^(\{|%7B|\[{)|\[\]/.test(data) ) {
@@ -2896,24 +2985,24 @@ function SuperController(options) {
                         if ( data.status && /^3/.test(data.status) && typeof(data.headers) != 'undefined' ) {
                             local.res.writeHead(data.status, data.headers);
                             return local.res.end();
-                        }
+                        }
                         if ( data.status && !/^2/.test(data.status) && typeof(local.options.conf.server.coreConfiguration.statusCodes[data.status]) != 'undefined' ) {
                               if ( /^5/.test(data.status)  ) {
-                                  return callback(data)
+                                  return callback(data)
                               } else {
                                   self.throwError(data);
                                   return;
-                              }
+                              }
                         } else {
                             // required when control is used in an halted state
                             // Ref.: resumeRequest()
                             if ( self && self.isHaltedRequest() && typeof(local.onHaltedRequestResumed) != 'undefined' ) {
                                 local.onHaltedRequestResumed(false);
                             }
-                            return callback( false, data )
+                            return callback( false, data )
                         }
                     } catch (e) {
                         var infos = local.options, controllerName = infos.controller.substr(infos.controller.lastIndexOf('/'));
                         var msg = 'Controller Query Exception while catching back.\nBundle: '+ infos.bundle +'\nController File: /controllers'+ controllerName +'\nControl: this.'+ infos.control +'(...)\n\r' + e.stack;
@@ -2921,8 +3010,8 @@ function SuperController(options) {
                         exception.status = 500;
                         self.throwError(exception);
                         return;
-                    }
+                    }
                 } else {
                     if ( typeof(data) == 'string' && /^(\{|%7B|\[{)|\[\]/.test(data) ) {
                         try {
@@ -2935,13 +3024,13 @@ function SuperController(options) {
                             self.emit('query#complete', data)
                         }
                     }
                     // intercepting fallback redirect
                     if ( data.status && /^3/.test(data.status) && typeof(data.headers) != 'undefined' ) {
                         self.removeAllListeners(['query#complete']);
                         local.res.writeHead(data.status, data.headers);
                         return local.res.end();
-                    }
+                    }
                     if ( data.status && !/^2/.test(data.status) && typeof(local.options.conf.server.coreConfiguration.statusCodes[data.status]) != 'undefined' ) {
                         self.emit('query#complete', data)
@@ -2953,22 +3042,22 @@ function SuperController(options) {
                         }
                         self.emit('query#complete', false, data)
                     }
-                }
+                }
                 client.close();
             });
             if (!endStream) {
                 req.end(body);
             }
         });
         return {
             onComplete  : function(cb) {
                 self.once('query#complete', function(err, data){
                     if ( typeof(data) == 'string' && /^(\{|%7B|\[{)|\[\]/.test(data) ) {
                         try {
                             data = JSON.parse(data)
@@ -2979,7 +3068,7 @@ function SuperController(options) {
                             }
                         }
                     }
                     try {
                         if ( data.status && !/^2/.test(data.status) && typeof(local.options.conf.server.coreConfiguration.statusCodes[data.status]) != 'undefined') {
                             cb(data)
@@ -2989,7 +3078,7 @@ function SuperController(options) {
                             if ( self.isHaltedRequest() && typeof(local.onHaltedRequestResumed) != 'undefined' ) {
                                 local.onHaltedRequestResumed(err);
                             }
                             cb(err, data)
                         }
                     } catch (e) {
@@ -2999,7 +3088,7 @@ function SuperController(options) {
                         exception.status = 500;
                         self.throwError(exception);
                         return;
-                    }
+                    }
                 })
             }
         }
@@ -3066,8 +3155,8 @@ function SuperController(options) {
         }
         req.getParam = function(name) {
-            var param   = null;
+            var param   = null;
             switch( req.method.toLowerCase() ) {
                 case 'get':
                     param = req.get[name];
@@ -3089,24 +3178,24 @@ function SuperController(options) {
             return param
         }
     }
     /**
-     * Forward request
+     * Forward request
      * Allowing x-bundle forward
      * Attention: this is a work in progres, do not use it yet
-     *
-     * @param {object} req
-     * @param {object} res
-     * @param {callback} next
-     * @returns
+     *
+     * @param {object} req
+     * @param {object} res
+     * @param {callback} next
+     * @returns
      */
     this.forward = function(req, res, next) {
         var route   = req.routing;
         if ( typeof(route.param.url) == 'undefined' || /^(null|\s*)$/.test(route.param.url) ) {
             self.throwError( new Error('`route.param.url` must be defiend in your route: `'+ route.rule +'`') );
             return;
-        }
+        }
         var param = {};
         for (let p in route.param) {
             if ( /^(url|urlIndex|control|file|title|bundle|project|hostname|port|path|method)$/.test(p) ) {
@@ -3138,14 +3227,14 @@ function SuperController(options) {
             port        = route.param.port;
             path        = route.param.port;
         }
         var method = null;
         if ( typeof(route.param.method) != 'undefined' ) {
             method = route.param.method.toLowerCase();
         } else {
             method = req.method.toLowerCase();
         }
         var opt = {
             ca: ca,
             hostname: hostname,
@@ -3156,7 +3245,7 @@ function SuperController(options) {
         if (self.isCacheless() || self.isLocalScope() ) {
             opt.rejectUnauthorized = false;
         }
         var obj = req[ req.method.toLowerCase() ];
         // if ( req.files != 'undefined' ) {
         //     obj.files = req.files;
@@ -3166,17 +3255,17 @@ function SuperController(options) {
                 self.throwError(err);
                 return;
             }
             // TODO - filter : redirect & location
-            // if ( self.isXMLRequest() || !hasViews() || !local.options.isUsingTemplate && !hasViews() || hasViews() && !local.options.isUsingTemplate ) {
+            // if ( self.isXMLRequest() || !hasViews() || !local.options.isUsingTemplate && !hasViews() || hasViews() && !local.options.isUsingTemplate ) {
                 self.renderJSON(result)
             // } else {
             //     self.render(result)
-            // }
+            // }
         });
     }
     /**
      * Get config
@@ -3193,6 +3282,8 @@ function SuperController(options) {
                 //config = Object.freeze(local.options.conf.content[name]);
                 //Object.seal(local.options.conf.content[name]);
                 //Object.freeze(local.options.conf.content[name]);
+                // if ( self.isCacheless() ) {
+                // }
                 return JSON.clone(local.options.conf.content[name]);
             } catch (err) {
                 return undefined;
@@ -3206,6 +3297,7 @@ function SuperController(options) {
     /**
      * Get locales
+     * Will take only supported lang
      *
      * @param {string} [shortCountryCode] - e.g. EN
      *
@@ -3231,29 +3323,27 @@ function SuperController(options) {
         /**
          * Get countries list
          *
-         * @param {string} [code] - e.g.: short, long, fifa, m49
+         * @param {string} [code] - e.g.: officialStateName, isoShort, isoLong, continent, capital, currency.name
          *
          * @returns {object} countries - countries code & value list
          * */
         var getCountries = function (code) {
-            var list = {}, cde = 'short', name = null;
+            var list = [], cde = 'countryName';
             if ( typeof(code) != 'undefined' && typeof(userLocales[0][code]) == 'string' ) {
                 cde = code
-            } else if ( typeof(code) != 'undefined' ) (
+            } else if ( typeof(code) != 'undefined' ) {
                 console.warn('`'+ code +'` not supported : sticking with `short` code')
-            )
-            for ( var i = 0, len = userLocales.length; i< len; ++i ) {
-                if (userLocales[i][cde]) {
+            }
-                    name = userLocales[i].officialName.short || userLocales[i].full;
-                    if ( name )
-                        list[ userLocales[i][cde] ] = name;
-                }
+            for ( let i = 0, len = userLocales.length; i< len; ++i ) {
+                list[ i ] = {
+                    isoShort: userLocales[i].isoShort,
+                    isoLong: userLocales[i].isoLong,
+                    countryName: userLocales[i].countryName,
+                    officialStateName: userLocales[i].officialStateName
+                };
             }
             return list
@@ -3261,6 +3351,7 @@ function SuperController(options) {
         return {
             'getCountries': getCountries
+            // TODO - getCurrencies()
         }
     }
@@ -3297,8 +3388,8 @@ function SuperController(options) {
                 } else {
                     rules = JSON.clone(local.options.conf.content.forms).rules[form.id] || null;
                 }
-                if (!rules) {
+                if (!rules) {
                     rules = {};
                     console.warn('[CONTROLLER]['+ local.options.conf.bundle +'][Backend validation] did not find matching rules for form.id `'+ form.id +'` for  `'+ bundle+' bundle`. Do not Panic if you did not defined any.')
                 }
@@ -3307,40 +3398,40 @@ function SuperController(options) {
                 return;
             }
         }
         return rules;
     }
     this.push = function(payload) {
         var req = local.req, res = local.res;
         var method  = req.method.toLowerCase();
         // if no session defined, will push to all active clients
         var sessionId = ( typeof(req[method].sessionID) != 'undefined' ) ? req[method].sessionID : null;
         // resume current session
-        if (!payload) {
-            payload     = null;
+        if (!payload) {
+            payload     = null;
             if ( typeof(req[method]) != 'undefined' && typeof(req[method].payload) != 'undefined' ) {
                 if ( typeof(payload) == 'string' ) {
                     payload = decodeURIComponent(req[method].payload)
                 } else {
                     payload =  JSON.stringify(req[method].payload)
-                }
+                }
             }
         } else if ( typeof(payload) == 'object' ) {
             payload = JSON.stringify(payload)
-        }
+        }
         try {
             var clients = null;
             if (sessionId) {
                 clients = self.serverInstance.eio.getClientsBySessionId(sessionId);
                 if (clients)
                     clients.send(payload);
-            }
+            }
             // send to all clients if no specific sessionId defined
             if (!sessionId) {
                 clients = self.serverInstance.eio.clients;
@@ -3348,14 +3439,14 @@ function SuperController(options) {
                     clients[id].send(payload)
                 }
             }
             res.end();
         } catch(err) {
             self.throwError(err);
             return;
-        }
+        }
     }
     var getSession = function() {
         var session = null;
         if ( typeof(local.req.session) != 'undefined') {
@@ -3365,10 +3456,10 @@ function SuperController(options) {
         if (!session && typeof(local.req.session) != 'undefined' && typeof(local.req.session.user) != 'undefined') {
             session = local.req.session.user;
         }
         return session;
     }
     this.isHaltedRequest = function(session) {
         // trying to retrieve session since it is optional
         if ( typeof(session) == 'undefined' ) {
@@ -3381,24 +3472,24 @@ function SuperController(options) {
             //     session = local.req.session.user;
             // }
             if (
-                !session
-                ||
+                !session
+                ||
                 typeof(session) != 'undefined'
                 && typeof(session.haltedRequest) == 'undefined'
             ) {
                 return false;
             }
         }
         return (typeof(session.haltedRequest) != 'undefined' ) ? true : false;
     }
     local.haltedRequestUrlResumed = false;
     this.pauseRequest = function(data, requestStorage) {
         // saving halted request
         var req             = local.req
             , res           = local.res
@@ -3410,22 +3501,22 @@ function SuperController(options) {
                 data    : JSON.clone(data)
             }
         ;
         if (
             typeof(requestStorage) == 'undefined'
             && typeof(req.session) != 'undefined'
         ) {
             requestStorage = req.session;
         }
         if (
-            typeof(requestStorage) == 'undefined'
+            typeof(requestStorage) == 'undefined'
         ) {
             var error = new ApiError('`requestStorage` is required', 424);
             self.throwError(error);
             return;
         }
         var requestParams = {}, i = 0;
         for (var p in req.params) {
             if (i > 0) {
@@ -3436,13 +3527,13 @@ function SuperController(options) {
         if (requestParams.count() > 0) {
             haltedRequest.params = requestParams;
         }
         requestStorage.haltedRequest = haltedRequest;
         return requestStorage;
     }
     /**
      * resumeRequest
      * Used to resume an halted request
@@ -3450,35 +3541,35 @@ function SuperController(options) {
      *  - a middleware attached `haltedRequest` to userSession
      * OR
      * - a persistant object where `haltedRequest` is attached
-     *
-     * @param {object} req
-     * @param {object} res
+     *
+     * @param {object} req
+     * @param {object} res
      * @param {callback|null} next
      * @param {object} [requestStorage] - Will try to use sessionStorage if not passed
      */
     this.resumeRequest = function(requestStorage) {
         if (local.haltedRequestUrlResumed)
             return;
         var haltedRequest   = null
             , req           = local.req
             , res           = local.res
             , next          = local.next
         ;
         if (
             typeof(requestStorage) == 'undefined'
             && typeof(req.session) != 'undefined'
         ) {
             requestStorage = req.session;
         }
         if (
-            typeof(requestStorage) == 'undefined'
+            typeof(requestStorage) == 'undefined'
             ||
-            typeof(requestStorage) != 'undefined'
-            && typeof(requestStorage.haltedRequest) == 'undefined'
+            typeof(requestStorage) != 'undefined'
+            && typeof(requestStorage.haltedRequest) == 'undefined'
         ) {
             var error = new ApiError('`requestStorage.haltedRequest` is required', 424);
             self.throwError(error);
@@ -3493,11 +3584,11 @@ function SuperController(options) {
             if (req.method.toLowerCase() == method) {
                 data = merge(data, req[method])
             }
-            delete req[method];
+            delete req[method];
         }
         var dataAsParams    = {};
         if (data.count() > 0) {
             dataAsParams = JSON.clone(haltedRequest.data);
@@ -3509,25 +3600,45 @@ function SuperController(options) {
                 requiredController = self.requireController(haltedRequest.routing.namespace, self._options );
             } catch (err) {
                 self.throwError(err);
-            }
+            }
         }
         req.routing     = haltedRequest.routing;
         req.method      = haltedRequest.method;
         req[haltedRequest.method] = data;
         local.haltedRequestUrlResumed = true;
-        if ( /GET/i.test(req.method) ) {
+        if ( /GET/i.test(req.method) ) {
             if ( typeof(requestStorage.haltedRequest) != 'undefined' ) {
                 delete requestStorage.haltedRequest;
             }
             delete requestStorage.haltedRequest;
             delete requestStorage.inheritedData;
             requestStorage.haltedRequestUrlResumed = url;
+            if (
+                typeof(req.routing.param.isPopinContext) != 'undefined'
+                && /^true$/i.test(req.routing.param.isPopinContext)
+                && self.isXMLRequest()
+            ) {
+                return self.renderJSON({
+                    isXhrRedirect: true,
+                    popin: {
+                        url: url
+                    }
+                })
+            }
+            else if (self.isXMLRequest() ) {
+                return self.renderJSON({
+                    isXhrRedirect: true,
+                    location: url
+                })
+            }
             requiredController.redirect(url, true);
         } else {
             local.onHaltedRequestResumed = function(err) {
-                if (!err) {
+                if (!err) {
                     delete requestStorage.haltedRequest;
                     delete requestStorage.inheritedData;
                 }
@@ -3535,7 +3646,7 @@ function SuperController(options) {
             if ( typeof(next) == 'function' ) {
                 console.warn('About to override `next` param');
             }
             try {
                 requiredController[req.routing.param.control](req, res, next);
                 // consuming it
@@ -3544,12 +3655,12 @@ function SuperController(options) {
                 console.error('[ BUNDLE ][ '+ local.options.conf.bundle +' ][ Controller ] Could not resume haltedRequest\n' + err.stack );
                 self.throwError(err);
             }
-        }
+        }
     }
     this.renderCustomError = function (req, res, next) {
         // preventing multiple call of self.renderWithoutLayout() when controller is rendering from another required controller
@@ -3559,16 +3670,19 @@ function SuperController(options) {
         local.options.isRenderingCustomError = true;
         //local.options.isWithoutLayout = true;
         var data = null;
         if ( typeof(req.routing.param.error) != 'undefined' ) {
             data = JSON.clone(req.routing.param.error) || {};
             delete req.routing.param.error
         }
         var session = getSession();
         if (session) {
-            data.session = JSON.clone(session)
+            if (!data) {
+                data = {}
+            }
+            data.session = ( typeof(session.user) != 'undefined' ) ? JSON.clone(session.user) : JSON.clone(session);
         }
         var displayToolbar = req.routing.param.displayToolbar || false;
         if (req.routing.param.displayToolbar) {
@@ -3603,13 +3717,27 @@ function SuperController(options) {
                 //assets: {}
             };
             errOptions = merge(localOptions, local.options);
         }
         delete local.options.namespace;
         self.render(data, displayToolbar, errOptions);
     }
+    var getResponseProtocol = function (response) {
+        // var options =  local.options;
+        // var protocolVersion = ~~options.conf.server.protocol.match(/\/(.*)$/)[1].replace(/\.\d+/, '');
+        var protocol    = 'http/'+ local.req.httpVersion; // inheriting request protocol version by default
+        var bundleConf  = options.conf;
+        // switching protocol to h2 when possible
+        if ( /http\/2/.test(bundleConf.server.protocol) && response.stream ) {
+            protocol    = bundleConf.server.protocol;
+        }
+        return protocol;
+    }
     /**
      * Throw error
@@ -3621,9 +3749,14 @@ function SuperController(options) {
      * @returns {void}
      * */
     this.throwError = function(res, code, msg) {
+        var protocol        = getResponseProtocol(res);
+        var stream          = ( /http\/2/.test(protocol) && res.stream ) ? res.stream : null;
+        var header          = ( /http\/2/.test(protocol) && res.stream ) ? {} : null;
         self.isProcessingError = true;
         var errorObject = null; // to be returned
         // preventing multiple call of self.throwError() when controller is rendering from another required controller
         if (local.options.renderingStack.length > 1) {
             return false
@@ -3634,21 +3767,22 @@ function SuperController(options) {
         // err.fallback must be a valide route object or a url string
         var fallback = null;
         var standardErrorMessage = null;
-        if (
-            arguments[0] instanceof Error
+        if (
+            arguments[0] instanceof Error
             || arguments.length == 1 && typeof(res) == 'object'
             || arguments[arguments.length-1] instanceof Error
-            || typeof(arguments[arguments.length-1]) == 'string' && !(arguments[0] instanceof Error)
+            || typeof(arguments[arguments.length-1]) == 'string' && !(arguments[0] instanceof Error)
         ) {
-            code    = ( res && typeof(res.status) != 'undefined' ) ?  res.status : 500;
+            msg    = ( !/^\d+$/.test(code) && typeof(msg) == 'undefined' ) ?  code : msg;
+            code    = ( res && typeof(res.status) != 'undefined' ) ?  res.status : 500;
             if ( typeof(statusCodes[code]) != 'undefined' ) {
                 standardErrorMessage = statusCodes[code];
             } else {
                 console.warn('[ ApiValidator ] statusCode `'+ code +'` not matching any definition in `'+_( getPath('gina').core + '/status.codes')+'`\nPlease contact the Gina dev team to add one if required');
             }
             errorObject = {
                 status  : code,
                 error   : res.error || res.message || standardErrorMessage
@@ -3663,17 +3797,18 @@ function SuperController(options) {
                 } else if (res.message) {
                     console.warn('[ Controller ] Ignoring message because of the format.\n'+res.message)
                 }
             } else if ( typeof(arguments[arguments.length-1]) == 'string' ) {
                 // formated error
-                errorObject.message = arguments[arguments.length-1]
+                errorObject.message = arguments[arguments.length-1] || msg
+                // errorObject = merge(arguments[arguments.length-1], errorObject)
             } else if (
-                arguments[arguments.length-1] instanceof Error
-                || typeof(res) == 'object' && typeof(res.stack) != 'undefined'
+                arguments[arguments.length-1] instanceof Error
+                || typeof(res) == 'object' && typeof(res.stack) != 'undefined'
             ) {
                 errorObject = merge(arguments[arguments.length-1], errorObject)
             }
             if ( typeof(res.fallback) != 'undefined' ) {
                 fallback = res.fallback
             }
@@ -3685,27 +3820,33 @@ function SuperController(options) {
             code          = res || 500;
             res           = local.res;
         }
-        var responseHeaders = res.getHeaders() || local.res.getHeaders();
+        var responseHeaders = null;
+        if ( typeof(res.getHeaders) == 'undefined' && typeof(res.stream) != 'undefined' ) {
+            responseHeaders = res.stream.sentHeader;
+        } else {
+            responseHeaders = res.getHeaders() || local.res.getHeaders();
+        }
+        // var responseHeaders = res.getHeaders() || local.res.getHeaders();
         var req             = local.req;
         var next            = local.next;
-        if (!res.headersSent) {
+        if (!headersSent()) {
             // DELETE request methods don't normaly use a view,
             // but if we are calling it from a view, we should render the error back to the view
-            if ( self.isXMLRequest() || !hasViews() && !/delete/i.test(req.method) || !local.options.isUsingTemplate && !hasViews() || hasViews() && !local.options.isUsingTemplate ) {
+            if ( self.isXMLRequest() || !hasViews() && !/delete/i.test(req.method) || !local.options.isUsingTemplate && !hasViews() || hasViews() && !local.options.isUsingTemplate ) {
                 // fallback interception
-                if ( fallback ) {
+                if ( fallback ) {
                     if ( typeof(fallback) == 'string' ){ // string url: user provided
                         return self.redirect( fallback, true )
                     } else {
                         // else, using url from route object
                         // Reminder
                         // Here, we use route.toUrl() intead of
-                        // route.url to support x-bundle com
+                        // route.url to support x-bundle com
                         return self.redirect( fallback.toUrl() );
                     }
                 }
                 // allowing this.throwError(err)
                 if ( typeof(code) == 'object' && !msg && typeof(code.status) != 'undefined' && typeof(code.error) != 'undefined' ) {
                     msg     = code.error || code.message;
@@ -3717,7 +3858,7 @@ function SuperController(options) {
                     console.warn('[ ApiValidator ] statusCode `'+ code +'` not matching any definition in `'+_( getPath('gina').core + '/status.codes')+'`\nPlease contact the Gina dev team to add one if required');
                 }
-                // if ( !local.res.getHeaders()['content-type'] /**!req.headers['content-type'] */  ) {
+                // if ( !local.res.getHeaders()['content-type'] /**!req.headers['content-type'] */  ) {
                 //     // Internet Explorer override
                 //     if ( typeof(req.headers['user-agent']) != 'undefined' && /msie/i.test(req.headers['user-agent']) ) {
                 //         res.writeHead(code, "content-type", "text/plain")
@@ -3725,7 +3866,7 @@ function SuperController(options) {
                 //         res.writeHead(code, { 'content-type': bundleConf.server.coreConfiguration.mime['json']} );
                 //     }
                 // }
                 // TODO - test with internet explorer then remove this if working
                 if ( typeof(req.headers['user-agent']) != 'undefined' ) {
                     if ( /msie/i.test(req.headers['user-agent']) ) {
@@ -3743,8 +3884,8 @@ function SuperController(options) {
                     res.writeHead(code, "content-type", bundleConf.server.coreConfiguration.mime['json']+ '; charset='+ bundleConf.encoding);
                 }
                 if (!errorObject) {
                     errorObject = {
                         status: code,
@@ -3754,7 +3895,7 @@ function SuperController(options) {
                         stack: msg.stack
                     }
                 }
                 var errOutput = null, output = errorObject.toString();
                 if ( output == '[object Object]' ) {
                     errOutput = JSON.stringify(errorObject);
@@ -3762,21 +3903,23 @@ function SuperController(options) {
                     errOutput = JSON.stringify(
                         {
                             status  : errorObject.status,
-                            error   : output
+                            error   : output,
+                            stack   : errorObject.stack || null
                         }
                     );
                 }
-                console.error('[ BUNDLE ][ '+ bundleConf.bundle +' ][ Controller ] '+ req.method +' ['+res.statusCode +'] '+ req.url +'\n'+ errOutput);
+                // console.error('[ BUNDLE ][ '+ bundleConf.bundle +' ][ Controller ] '+ req.method +' ['+res.statusCode +'] '+ req.url +'\n'+ errorObject);
+                console.error('[ BUNDLE ][ '+ bundleConf.bundle +' ][ Controller ] '+ req.method +' ['+res.statusCode +'] '+ req.url +'\n'+ errOutput);
                 return res.end(errOutput);
             } else {
-                console.error(req.method +' ['+ errorObject.status +'] '+ req.url);
+                console.error(req.method +' ['+ errorObject.status +'] '+ req.url + '\n'+ (errorObject.stack||errorObject.message));
                  // intercept none HTML mime types
-                 var url                     = unescape(local.req.url) /// avoid %20
+                 var url                     = decodeURI(local.req.url) /// avoid %20
                     , ext                   = null
                     , isHtmlContent         = false
                     , hasCustomErrorFile    = false
@@ -3788,9 +3931,12 @@ function SuperController(options) {
                 }
                 if ( !ext || /^(html|htm)$/i.test(ext) ) {
                     isHtmlContent = true;
+                    if (!ext) {
+                        ext = 'html'
+                    }
                 }
-                if (
+                if (
                     isHtmlContent
                     && typeof(bundleConf.content.templates._common.errorFiles) != 'undefined'
                     && typeof(bundleConf.content.templates._common.errorFiles[code]) != 'undefined'
@@ -3810,11 +3956,11 @@ function SuperController(options) {
                         //message                 : errorObject.message || msg || null,
                         pathname                : url
                     };
                     if ( errorObject ) {
                         eData = merge(errorObject, eData);
                     }
                     if ( typeof(msg) == 'object' ) {
                         if ( typeof(msg.stack) != 'undefined' ) {
                             eData.stack = msg.stack
@@ -3823,8 +3969,8 @@ function SuperController(options) {
                             eData.message = msg.message
                         }
                     }
-                    if (
-                        code
+                    if (
+                        code
                         // See: framework/${version}/core/status.code
                         && typeof(bundleConf.server.coreConfiguration.statusCodes[code]) != 'undefined'
                     ) {
@@ -3834,33 +3980,33 @@ function SuperController(options) {
                     // if ( typeof(local.req.routing) != 'undefined' ) {
                     //     eData.routing = local.req.routing;
                     // }
                     if (typeof(bundleConf.content.templates._common.errorFiles[code]) != 'undefined') {
                         eFilename = bundleConf.content.templates._common.errorFiles[code];
                     } else {
                         eFilename = bundleConf.content.templates._common.errorFiles[eCode];
                     }
                     if (!local.options.isRenderingCustomError) {
                         var eRule = 'custom-error-page@'+ bundle;
                         var routeObj = bundleConf.content.routing[eRule];
                         routeObj.rule = eRule;
-                        //routeObj.url = unescape(local.req.url);/// avoid %20
+                        //routeObj.url = decodeURI(local.req.url);/// avoid %20
                         routeObj.param.title = ( typeof(eData.title) != 'undefined' ) ? eData.title : 'Error ' + eData.status;
                         routeObj.param.file = eFilename;
                         routeObj.param.error = eData;
                         routeObj.param.displayToolbar = self.isCacheless();
                         routeObj.param.isLocalOptionResetNeeded = true;
                         local.req.routing = routeObj;
                         local.req.params.errorObject = errorObject;
                         self.renderCustomError(local.req, res, local.next);
                         return;
                     }
                 }
                 // if (!errorObject) {
                 //     errorObject = {
                 //         status: code,
@@ -3871,7 +4017,7 @@ function SuperController(options) {
                 //     }
                 // }
                 var msgString = '<h1 class="status">Error '+ code +'.</h1>';
                 console.error('[ BUNDLE ][ '+ local.options.conf.bundle +' ][ Controller ] `this.'+ req.routing.param.control +'(...)` ['+res.statusCode +'] '+ req.url);
                 if ( typeof(msg) == 'object' ) {
@@ -3913,7 +4059,7 @@ function SuperController(options) {
                     if (typeof(errorObject) != 'undefined' && errorObject  && typeof(errorObject.stack) != 'undefined' ) {
                         stack = errorObject.stack
                     }
                     if (title) {
                         msgString += '<pre class="'+ eCode +' title">'+ title +'</pre>';
                     }
@@ -3922,7 +4068,7 @@ function SuperController(options) {
                     }
                     if (stack) {
                         msgString += '<pre class="'+ eCode +' stack">'+ stack +'</pre>';
-                    }
+                    }
                 }
                 res.writeHead(code, { 'content-type': bundleConf.server.coreConfiguration.mime[ext]+'; charset='+ bundleConf.encoding } );
                 // if ( isHtmlContent && hasCustomErrorFile ) {
@@ -3931,15 +4077,19 @@ function SuperController(options) {
                 //if ( isHtmlContent && !hasCustomErrorFile ) {
                     res.end(msgString);
                 //}
                 return;
             }
         } else {
             if (typeof(next) != 'undefined')
                 return next();
         }
-        res.end();
-        return;
+        if ( /http\/2/.test(protocol) ) {
+            return stream.end();
+        }
+        return res.end();
     }
     // converting references to objects