This error message is caused by a security feature that was added to Drupal 8. Previously, it was possible to spoof the HTTP Host header and trick Drupal into using a different domain name. In other words, your Drupal site could be duped into thinking it to be someone else.
In order to prevent this from happening, Drupal looked at the Symfony framework which already provided a trusted host mechanism, where site administrators could whitelist hostnames. Trusted hosts can now be configured in Drupal through a new setting in settings.php:
According to the documentation, this setting needs to be an array of regular expression patterns, without delimiters, representing the hostnames you would like to allow to run from.
For example, if you want to run your Drupal website only to run from www.yourdomain.com, you write the following in your settings.php:
$settings['trusted_host_patterns'] = array( '^www\.yourdomain\.com$', );
Or if, for example, you would like to run your Drupal website off of *.yourdomain.com and *.yourdomain.org, your settings.php would have to include this:
$settings['trusted_host_patterns'] = array( '^yourdomain\.com$', '^.+\.yourdomain\.com$', '^yourdomain\.org', '^.+\.yourdomain\.org', );
Using regular expression patterns, you can build all sorts of rules.
For local development environments, you could include the following in your local.settings.php:
$settings['trusted_host_patterns'] = array( '^172\.0.\0.\1$', '^localhost$', );
Have fun and be safe out there!