Added gatewayLoopbackEnabled setting (default false) to allow serving gateway requests via localhost.

Useful for testing, but not recommended for production environments.

src/main/java/org/qortal/api/Security.java

@@ -56,7 +56,7 @@ public abstract class Security {
 	public static void disallowLoopbackRequests(HttpServletRequest request) {
 		try {
 			InetAddress remoteAddr = InetAddress.getByName(request.getRemoteAddr());
-			if (remoteAddr.isLoopbackAddress()) {
+			if (remoteAddr.isLoopbackAddress() && !Settings.getInstance().isGatewayLoopbackEnabled()) {
 				throw ApiExceptionFactory.INSTANCE.createCustomException(request, ApiError.UNAUTHORIZED, "Local requests not allowed");
 			}
 		} catch (UnknownHostException e) {

src/main/java/org/qortal/settings/Settings.java

@@ -104,6 +104,7 @@ public class Settings {
 	private Integer gatewayPort;
 	private boolean gatewayEnabled = false;
 	private boolean gatewayLoggingEnabled = false;
+	private boolean gatewayLoopbackEnabled = false;
 
 	// Specific to this node
 	private boolean wipeUnconfirmedOnStart = false;
@@ -633,6 +634,10 @@ public class Settings {
 		return this.gatewayLoggingEnabled;
 	}
 
+	public boolean isGatewayLoopbackEnabled() {
+		return this.gatewayLoopbackEnabled;
+	}
+
 
 	public boolean getWipeUnconfirmedOnStart() {
 		return this.wipeUnconfirmedOnStart;