Force the REST API endpoint to HTTPS when appropriate

[johnbillion]

Given a site which runs over http but the admin area runs over https (for example via FORCE_SSL_ADMIN), the REST API endpoint will point to an http URL in the admin area. This makes the endpoint inaccessible to clients due to cross-protocol restrictions.

An example of where this is visible is the ​REST API Console plugin.

If the host name of the REST API endpoint matches the host name of the current request, then the REST API endpoint URL can be forced to https.

Previous discussion:

• ​https://github.com/WP-API/WP-API/issues/259
• ​https://github.com/WP-API/rest-api-console/issues/30

[rachelbaker]

Related issue and discussion: ​https://github.com/WP-API/WP-API/issues/259

[johnbillion]

In 35342:

Force the REST API URL to use https for its scheme when the current request is served over HTTPS and the host name matches that of the REST API URL.

This allows sites to use an admin area over HTTPS with the front end over HTTP, and not end up with a cross-protocol problem when using the REST API URL in the admin area.

Fixes #34299

[johnbillion]

In 35344:

Remove the failing test_rest_url_scheme() test while it's investigated.

See #34299

[johnbillion]

In 35349:

Revert [34352], pending investigation.

See #34299

[johnbillion]

In 35351:

Force the REST API URL to use https for its scheme when the current request is served over HTTPS and the host name matches that of the REST API URL.

This allows sites to use an admin area over HTTPS with the front end over HTTP, and not end up with a cross-protocol problem when using the REST API URL in the admin area.

Fixes #34299