Laravel custom request headers are not populated

Question

I am using postman to issue requests to my project, Here is what it looks like:

Request Headers:
cache-control:"no-cache"
postman-token:"65b35825-8c35-47ae-ad03-159d3da08e95"
partner_key:"123456789"
partner_secret:"123456789"
business_external_id:"123456789"
user-agent:"PostmanRuntime/6.4.1"
accept:"*/*"
host:"loyaltybro.local"
accept-encoding:"gzip, deflate"

I am interested in the 'partner_key', 'partner_secret', 'business_external_id'.

In my code I am logging the headers received like this:

public function handle($request, Closure $next)
{   
    $headers = $request->headers->all();
    \Log::info($headers);
    ...
}

Here is log output.

local.INFO: array (
  'cache-control' => 
  array (
    0 => 'no-cache',
  ),
  'postman-token' => 
  array (
    0 => '65b35825-8c35-47ae-ad03-159d3da08e95',
  ),
  'user-agent' => 
  array (
    0 => 'PostmanRuntime/6.4.1',
  ),
  'accept' => 
  array (
    0 => '*/*',
  ),
  'host' => 
  array (
    0 => 'loyaltybro.local',
  ),
  'accept-encoding' => 
  array (
    0 => 'gzip, deflate',
  ),
  'connection' => 
  array (
    0 => 'keep-alive',
  ),
) 

There are no 'partner_key', 'partner_secret', 'business_external_id'.

Why are they not being populated?

Answer 1

Headers with underscores are dropped by default in both nginx and apache.

http://httpd.apache.org/docs/trunk/new_features_2_4.html

Translation of headers to environment variables is more strict than before to mitigate some possible cross-site-scripting attacks via header injection. Headers containing invalid characters (including underscores) are now silently dropped.

https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/?highlight=disappearing%20http%20headers#missing-disappearing-http-headers

If you do not explicitly set underscores_in_headers on;, NGINX will silently drop HTTP headers with underscores (which are perfectly valid according to the HTTP standard). This is done in order to prevent ambiguities when mapping headers to CGI variables as both dashes and underscores are mapped to underscores during that process.