Custom component broke with Improve X-Forwarded-* request headers handling

I have a custom component that I built for HA for a basic IP-enabled relay/switch board. As the board is very basic, it only has the capability to do GETs for updates.

To integrate this with HA, I created an apache reverse proxy that injected a long-lived access token header. This reverse proxy is a Docker container:

<VirtualHost *:8443>
    ProxyRequests On
    ProxyPreserveHost On
    ProxyPass /
    ProxyPassReverse /
    Header add Authorization "Bearer LONGLIVEDTOKEN"
    RequestHeader set Authorization "Bearer LONGLIVEDTOKEN"
    ServerName localhost

I also have the following in HA:

  use_x_forwarded_for: true
    -   #IP address of apache reverse proxy

With @frenck’s PR #38696, my component is now broken. I’m assuming I was not strict enough on the X-Forwarded header. I have tried to debug, but am getting nowhere. Can anyone offer any insight?