From 1724d1b48908083ac0f9e0c449ce70e3790a9a86 Mon Sep 17 00:00:00 2001
From: Uladzimir Tsykun <tsykun314@gmail.com>
Date: Fri, 24 Feb 2023 05:42:32 +0100
Subject: [PATCH] Remove default TRUSTED_PROXIES values. Only configuration
 example keep

---
 .env | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.env b/.env
index 14e03c38..a891b8cd 100644
--- a/.env
+++ b/.env
@@ -51,5 +51,8 @@ APP_COMPOSER_HOME="%kernel.project_dir%/var/.composer"
 CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'
 ###< nelmio/cors-bundle ###
 
+# For more security you can disable access with other hosts and HTTP Host Header Attack
 TRUSTED_HOSTS=
-TRUSTED_PROXIES=172.16.0.0/12
+
+# When Using a Reverse Proxy
+#TRUSTED_PROXIES=172.16.0.0/12