middleware: Allow HTTP from localhost, not through a reverse proxy.

In servers with `application_server.http_only = true` and
`loadbalancer.ips` set, the DetectProxyMisconfiguration middleware
prevents access over HTTP from IP addresses other than the
loadbalancer.

However, this misses the case of access from localhost over HTTP,
which is safe and expected -- for instance, the `email-mirror-postfix`
script used in the email gateway[^1] will post to `http://localhost/`
by default in such configurations.  With the
DetectProxyMisconfiguration installed, this will result in a 403
response.

Make an exception for requests from `127.0.0.1` and `::1` from
proxy-misconfiguration rejections.

[^1]: https://zulip.readthedocs.io/en/latest/production/email-gateway.html

zerver/middleware.py

@@ -636,7 +636,16 @@ class DetectProxyMisconfiguration(MiddlewareMixin):
         # misconfigured, but we cannot distinguish this from a random
         # client which is providing proxy headers to a correctly
         # configured Zulip.
-        if proxy_state_header != "" and not request.is_secure():
+        #
+        # There is a complication to the above logic -- we do expect
+        # that requests not through the proxy may happen from
+        # localhost over HTTP (e.g. the email gateway).  Skip warnings
+        # if the remote IP is localhost.
+        if (
+            proxy_state_header != ""
+            and not request.is_secure()
+            and request.META["REMOTE_ADDR"] not in ("127.0.0.1", "::1")
+        ):
             raise ProxyMisconfigurationError(proxy_state_header)