Allow trusted proxies to be provided via TRUSTED_PROXIES env var

module/Core/src/Config/EnvVars.php

@@ -89,6 +89,7 @@ enum EnvVars: string
     case CORS_ALLOW_ORIGIN = 'CORS_ALLOW_ORIGIN';
     case CORS_ALLOW_CREDENTIALS = 'CORS_ALLOW_CREDENTIALS';
     case CORS_MAX_AGE = 'CORS_MAX_AGE';
+    case TRUSTED_PROXIES = 'TRUSTED_PROXIES';
 
     /** @deprecated Use REDIRECT_EXTRA_PATH */
     case REDIRECT_APPEND_EXTRA_PATH = 'REDIRECT_APPEND_EXTRA_PATH';

module/Core/src/Middleware/ReverseForwardedAddressesMiddlewareDecorator.php

@@ -26,6 +26,8 @@ use function implode;
  * if trusted proxies are not set.
  *
  * @see https://github.com/akrabat/ip-address-middleware/pull/51
+ * @deprecated Remove in future major version, and enforce users with multiple reverse proxies to provide the list via
+ *             TRUSTED_PROXIES
  */
 readonly class ReverseForwardedAddressesMiddlewareDecorator implements MiddlewareInterface
 {