Symfony version(s) affected: 3.3.18
Description
I have a weird behavior when updating from Symfony 3.3.17 to 3.3.18: render_esi blocks in Twig won't work (all sub-requests, I guess) if the master request is POST, behind a proxy. Tricky context...
The encountered error is a Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException thrown by Symfony/Component/HttpKernel/EventListener/FragmentListener.php line 90.
It only appears in the production environment, when we hit servers through the Load Balancer.
I think this is linked to the security patch #cve-2018-14774 (https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache).
As we are behind a Load Balancer, we set trusted proxies as mentioned in the doc using IP ranges, but still, subrequests result in an AccessDeniedHttpException.
How to reproduce
To reproduce the error, you need to use render_esi blocks in your template ( {{ render_esi(controller('MyAppBundle:Controller:actionName')) }} ). The page has to be the result of a POST request and the server has to be accessed via a proxy.