Setup trusted proxy

Fixes #2

web/app.php

@@ -13,6 +13,7 @@
 // When using the HttpCache, you need to call the method in your front controller instead of relying on the configuration parameter
 //Request::enableHttpMethodParameterOverride();
 $request = Request::createFromGlobals();
+Request::setTrustedProxies([$request->server->get('REMOTE_ADDR')],Request::HEADER_X_FORWARDED_ALL);
 $response = $kernel->handle($request);
 $response->send();
 $kernel->terminate($request, $response);

web/app_dev.php

@@ -10,13 +10,13 @@
 
 // This check prevents access to debug front controllers that are deployed by accident to production servers.
 // Feel free to remove this, extend it, or make something more sophisticated.
-//if (isset($_SERVER['HTTP_CLIENT_IP'])
-//    || isset($_SERVER['HTTP_X_FORWARDED_FOR'])
-//    || !(in_array(@$_SERVER['REMOTE_ADDR'], ['127.0.0.1', '::1'])  || php_sapi_name() === 'cli-server')
-//) {
-//    header('HTTP/1.0 403 Forbidden');
-//    exit('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');
-//}
+if (isset($_SERVER['HTTP_CLIENT_IP'])
+    || isset($_SERVER['HTTP_X_FORWARDED_FOR'])
+    || !(in_array(@$_SERVER['REMOTE_ADDR'], ['127.0.0.1', '::1'])  || php_sapi_name() === 'cli-server')
+) {
+    header('HTTP/1.0 403 Forbidden');
+    exit('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');
+}
 
 /** @var \Composer\Autoload\ClassLoader $loader */
 $loader = require __DIR__.'/../app/autoload.php';
@@ -25,6 +25,7 @@
 $kernel = new AppKernel('dev', true);
 //$kernel->loadClassCache();
 $request = Request::createFromGlobals();
+Request::setTrustedProxies([$request->server->get('REMOTE_ADDR')],Request::HEADER_X_FORWARDED_ALL);
 $response = $kernel->handle($request);
 $response->send();
 $kernel->terminate($request, $response);