Add --adapt-scheme flag to rewrite HTTPS URLs to HTTP in server responses#94
Merged
swissspidy merged 3 commits intomainfrom Mar 15, 2026
Merged
Add --adapt-scheme flag to rewrite HTTPS URLs to HTTP in server responses#94swissspidy merged 3 commits intomainfrom
--adapt-scheme flag to rewrite HTTPS URLs to HTTP in server responses#94swissspidy merged 3 commits intomainfrom
Conversation
github-actions
bot
added
command:server
…ponses Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Fix server on
Add Mar 15, 2026
http:// returning https:// links--adapt-scheme flag to rewrite HTTPS URLs to HTTP in server responses
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
swissspidy
reviewed
Mar 15, 2026
There was a problem hiding this comment.
Pull request overview
This PR adds an --adapt-scheme flag to wp server to rewrite HTTPS links back to HTTP in served responses, addressing cases where HTTPS URLs come from sources that bypass existing home/siteurl option filters (e.g., attachment metadata, hardcoded content).
Changes:
- Add
--adapt-schemeflag towp serverand pass enablement to the child PHP process viaWPCLI_SERVER_ADAPT_SCHEME. - Add an output-buffer callback in
router.phpthat rewriteshttps://<original-host>tohttp://<current-host>across the response body. - Add a Behat scenario asserting HTTPS URLs are rewritten to HTTP when the flag is enabled.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
src/Server_Command.php |
Introduces --adapt-scheme and sets an env var before starting the PHP built-in server process. |
router.php |
Adds response-body rewriting via ob_start() when WPCLI_SERVER_ADAPT_SCHEME is present. |
features/server.feature |
Adds an integration scenario verifying rewritten URLs in output. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
Comment on lines
+126
to
+130
| return str_replace( | ||
| 'https://' . $original_host, | ||
| 'http://' . $_SERVER['HTTP_HOST'], | ||
| $buffer | ||
| ); |
Comment on lines
+125
to
+129
| $original_host = _get_full_host( $GLOBALS['wpcli_server_original_url'] ); | ||
| return str_replace( | ||
| 'https://' . $original_host, | ||
| 'http://' . $_SERVER['HTTP_HOST'], | ||
| $buffer |
| * | ||
| * @param array<string> $args Positional arguments passed through to the PHP binary. | ||
| * @param array{host: string, port: string, docroot?: string, config?: string} $assoc_args Associative arguments passed to the command. | ||
| * @param array{host: string, port: string, docroot?: string, config?: string, 'adapt-scheme'?: bool} $assoc_args Associative arguments passed to the command. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When a site is configured with HTTPS URLs in the database,
wp server(which runs on plain HTTP) leaves HTTPS URLs in responses that bypass the existingoption_home/option_siteurlfilters — e.g. attachment URLs, site icon URLs, and hardcoded post content.Changes
src/Server_Command.php— Adds[--adapt-scheme]flag. When set, callsputenv('WPCLI_SERVER_ADAPT_SCHEME=1')beforeproc_open()so the child PHP process inherits it.router.php— WhenWPCLI_SERVER_ADAPT_SCHEMEis set, registers anob_start()callback that replaceshttps://<original-host>→http://<server-host>across the full response. Uses$GLOBALS['wpcli_server_original_url'](already populated by theoption_homefilter) to identify the original host. No-ops gracefully when WordPress hasn't loaded (e.g. static PHP files).features/server.feature— New scenario: configures a WP install with HTTPS siteurl/home, injects a hardcoded HTTPS URL via an mu-pluginwp_headfilter (bypassing all existing option filters), and asserts the response contains onlyhttp://URLs.Usage
# Site was configured with https://example.com; serve locally over HTTP with adapted links wp server --adapt-schemeWarning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
example.com/usr/bin/php /usr/bin/php /home/REDACTED/work/server-command/server-command/vendor/wp-cli/wp-cli/bin/../php/boot-fs.php core install --url=REDACTED --title=WP CLI Site --admin_user=admin --admin_email=admin@example.com --admin_password=password1 --skip-email(dns block)If you need me to access, download, or install something from one of these locations, you can either:
Original prompt
http://returnshttps://links #51✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.