If no trusted_proxy, don't allow other variables

This way we don't accidentally mislead users into thinking those
settings are doing anything when they are not.

waitress/adjustments.py

@@ -101,7 +101,7 @@ class Adjustments(object):
         ('ipv6', asbool),
         ('listen', aslist),
         ('threads', int),
-        ('trusted_proxy', str),
+        ('trusted_proxy', str_iftruthy),
         ('trusted_proxy_count', int),
         ('trusted_proxy_headers', asset),
         ('log_untrusted_proxy_headers', asbool),
@@ -367,6 +367,19 @@ def __init__(self, **kw):
             except:
                 raise ValueError('Invalid host/port specified.')
 
+        if (
+            self.trusted_proxy is None and
+            (
+                self.trusted_proxy_headers or
+                (self.clear_untrusted_proxy_headers is not _bool_marker)
+            )
+        ):
+            raise ValueError(
+                "The values trusted_proxy_headers and clear_untrusted_proxy_headers "
+                "have no meaning without setting trusted_proxy. Cowardly refusing to "
+                "continue."
+            )
+
         if self.trusted_proxy_headers:
             self.trusted_proxy_headers = {header.lower() for header in self.trusted_proxy_headers}
 
@@ -395,7 +408,7 @@ def __init__(self, **kw):
             )
             self.trusted_proxy_headers = {'x-forwarded-proto'}
 
-        if self.clear_untrusted_proxy_headers is _bool_marker:
+        if self.trusted_proxy and self.clear_untrusted_proxy_headers is _bool_marker:
             warnings.warn(
                 'In future versions of Waitress clear_untrusted_proxy_headers will be '
                 'set to True by default. You may opt-out by setting this value to '

waitress/tests/test_adjustments.py

@@ -302,25 +302,34 @@ def test_dont_use_unsupported_socket_types(self):
 
     def test_dont_mix_forwarded_with_x_forwarded(self):
         with self.assertRaises(ValueError) as cm:
-            self._makeOne(trusted_proxy_headers={'forwarded', 'x-forwarded-for'})
+            self._makeOne(trusted_proxy='localhost', trusted_proxy_headers={'forwarded', 'x-forwarded-for'})
 
         self.assertIn('The Forwarded proxy header', str(cm.exception))
 
     def test_unknown_trusted_proxy_header(self):
         with self.assertRaises(ValueError) as cm:
-            self._makeOne(trusted_proxy_headers={'forwarded', 'x-forwarded-unknown'})
+            self._makeOne(trusted_proxy='localhost', trusted_proxy_headers={'forwarded', 'x-forwarded-unknown'})
 
         self.assertIn(
             'unknown trusted_proxy_headers value (x-forwarded-unknown)',
             str(cm.exception)
         )
 
+    def test_trusted_proxy_headers_no_trusted_proxy(self):
+        with self.assertRaises(ValueError) as cm:
+            self._makeOne(trusted_proxy_headers={'forwarded'})
+
+        self.assertIn(
+            'Cowardly refusing to continue.',
+            str(cm.exception)
+        )
+
     def test_trusted_proxy_headers_string_list(self):
-        inst = self._makeOne(trusted_proxy_headers='x-forwarded-for x-forwarded-by')
+        inst = self._makeOne(trusted_proxy='localhost', trusted_proxy_headers='x-forwarded-for x-forwarded-by')
         self.assertEqual(inst.trusted_proxy_headers, {'x-forwarded-for', 'x-forwarded-by'})
 
     def test_trusted_proxy_headers_string_list_newlines(self):
-        inst = self._makeOne(trusted_proxy_headers='x-forwarded-for\nx-forwarded-by\nx-forwarded-host')
+        inst = self._makeOne(trusted_proxy='localhost', trusted_proxy_headers='x-forwarded-for\nx-forwarded-by\nx-forwarded-host')
         self.assertEqual(inst.trusted_proxy_headers, {'x-forwarded-for', 'x-forwarded-by', 'x-forwarded-host'})
 
     def test_no_trusted_proxy_headers_trusted_proxy(self):