diff --git a/core/lib/Drupal/Core/DrupalKernel.php b/core/lib/Drupal/Core/DrupalKernel.php
index dc40e4f..d987780 100644
--- a/core/lib/Drupal/Core/DrupalKernel.php
+++ b/core/lib/Drupal/Core/DrupalKernel.php
@@ -219,6 +219,21 @@ public static function createFromRequest(Request $request, $class_loader, $envir
     $kernel->setSitePath($site_path);
     Settings::initialize(dirname($core_root), $site_path, $class_loader);
 
+    // Set up trusted HTTP Host headers
+    $bypass_trusted_hosts = Settings::get('bypass_trusted_hosts', FALSE);
+    if (!$bypass_trusted_hosts) {
+      $hostPatterns = Settings::get('trusted_host_patterns', array());
+
+      $hostPatterns += array(
+        '^localhost$',
+        '^localhost\.*$',
+        '*\.local$',
+        str_replace('.', '\.', $request->server->get('SERVER_NAME')),
+      );
+
+      $request->setTrustedHosts($hostPatterns);
+    }
+
     // Redirect the user to the installation script if Drupal has not been
     // installed yet (i.e., if no $databases array has been defined in the
     // settings.php file) and we are not already installing.