Add nginx auth remedial step (#100)

Author: Clorith

frequently-asked-questions.md

@@ -99,14 +99,22 @@ Adding `$is_args` (which will print a ? character if query arguments are found)
 
 ## Why is Authentication not working?
 
-If you're finding that you are sending Authentication headers but the request is not being accepted, and you're using Apache in a CGI environment, Apache may be stripping the headers. Try adding this to a configuration file or .htaccess:
+If you're finding that you are sending Authentication headers but the request is not being accepted, and you are using a CGI environment, your webserver may be stripping the headers. Please try adding the appropriate configuration below to remedy this.
 
+### Apache
+Add the following to a configuration file or .htaccess:
 ```
 <IfModule mod_setenvif>
   SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
 </IfModule>
 ```
 
+### Nginx
+Add the following to your server configurations fastcgi section:
+```
+fastcgi_pass_header Authorization;
+```
+
 ## Why is the REST API not verifying the incoming Origin header? Does this expose my site to CSRF attacks?
 
 Cross-Origin Resource Sharing (CORS) is a mechanism which allows a website to control which Origins (originating external sites) are allowed to access your site's data. CORS prevents against a particular type of attack known as Cross-Site Request Forgery, or CSRF. However, WordPress has an existing CSRF protection mechanism which uses [nonces](https://developer.wordpress.org/plugins/security/nonces/). Tightening CORS restrictions would prevent some authentication methods, so the WordPress REST API uses nonces for CSRF protection instead of CORS.