Component(s)
router
Component version
0.284.2
wgc version
–
controlplane version
0.151.0
router version
0.284.2
What happened?
Description
The response for queries via POST or GET requests returns a duplicate header vary: Accept-Encoding – this confuses some CDNs. Requests with invalid Authorization Header have only one vary Header.
Steps to Reproduce
curl -v 'https://api.qa.foo.gg/graphql' \
-H 'accept: application/json' \
--data-raw '{"query":"{__type(name: \"Query\"){description}}"}'or
curl -v --request GET \
--url 'https://api.qa.foo.gg/graphql?extensions=%7B%22persistedQuery%22%3A%7B%22version%22%3A1%2C%22sha256Hash%22%3A%2237461f04cf200ba3b298e564243b13236c00aa39e36152d69d6b436b62eb4229%22%7D%7D&variables=%7B%22menuName%22%3A%22XprhCFA5TJaTgFft9765Kg%22%7D' \
--header 'Authorization: Bearer eyJhb…' \
--header 'graphql-client-name: foo-android'
Expected Result
…
* Request completely sent off
< HTTP/2 200
< date: Mon, 09 Mar 2026 16:34:34 GMT
< content-type: application/json; charset=utf-8
< content-length: 1247
< vary: Accept-Encoding
< x-authenticated-by: jwks
<
{"data": …}
Actual Result
…
* Request completely sent off
< HTTP/2 200
< date: Mon, 09 Mar 2026 16:34:34 GMT
< content-type: application/json; charset=utf-8
< content-length: 1247
< vary: Accept-Encoding
< vary: Accept-Encoding
< x-authenticated-by: jwks
<
{"data": …}
Environment information
No response
Router configuration
Router execution config
Log output
Additional context
No response
Component(s)
router
Component version
0.284.2
wgc version
–
controlplane version
0.151.0
router version
0.284.2
What happened?
Description
The response for queries via POST or GET requests returns a duplicate header
vary: Accept-Encoding– this confuses some CDNs. Requests with invalidAuthorizationHeader have only onevaryHeader.Steps to Reproduce
or
Expected Result
Actual Result
Environment information
No response
Router configuration
Router execution config
Log output
Additional context
No response