Sandbox should not be disabled in https whenever a method is not marked as https explictly

[tonivdv]

This PR is to enhance issue #283 and fixes issue #330.

What I did is to only disable the sandbox whenever a method has been explicitly marked as https and accessed through http. But whenever you access through https a method not explicitly marked it will allow it too!

@SimonSimCity does that break something for you?

[SimonSimCity]

Have you set an additional http-header? I documented what I got when I tried what you're requesting here:

https://github.com/nelmio/NelmioApiDocBundle/pull/283/files#diff-d54056867729d3fa16536eed2bdd1715R196

Don't you get that error without having set the http-header?

[tonivdv]

I don't have any additional header, but I don't get an error, I just get the "Please reload the scheme" which is showed while browsing through https because my method is not explicitly marked as 'https'.

Hope you see what I mean.

[SimonSimCity]

Tried it now. There's no downside for me - just that http-only requests do not work. But as @stof wrote earlier, it's quite unusual to set a request to be http-only ... So, I think this works out.

[tonivdv]

Thank you @SimonSimCity for checking.

@willdurand Can you merge and perform a bug fix release?

[willdurand]

thx

[willdurand]

Done. 2.5.1

[tonivdv]

thx to you too ;)