I have the Wordpress deployed to the AWS EB platform PHP 5.4.45. When I make a request from Angular frontend to the API with cookie authorization I need to include X_WP_NONCE header, otherwise, Wordpress will ignore my auth cookie.
The problem is that on EB deployment there is no X_WP_NOCE in the $_SERVER variable. Neither there is HTTP_X_WP_NONCE. There is no nonce at all.
And it looks like all headers which prefixed with X_* getting stripped out.
curl -XGET -H 'A: this works' -H 'X_A: this does not work' http://example.com/
var_dump($_SERVER);
--->
array(76) {
...
["HTTP_A"]=>
string(19) "this works"
...
// But no HTTP_X_A variable
)
Unfortunately, X_WP_NONCE is the part of wordpress core and I cannot edit this code.
How can I tell EB to pass X_* headers to php?
Thank you,
UPDATE 1: apache_request_headers() does see the required header.
Since I have custom wp-config.php committed to the repo (it reads keys and passwords from environment variables, no Booo please), I can add a temporary workaround
if (function_exists('apache_request_headers')) {
$all_headers = apache_request_headers();
$_SERVER['HTTP_X_WP_NONCE'] = $all_headers['HTTP_X_WP_NONCE'];
}