Duplicate response header `vary: Accept-Encoding`

[saerdnaer]

Component(s)

router

Component version

0.284.2

wgc version

–

controlplane version

0.151.0

router version

0.284.2

What happened?

Description

The response for queries via POST or GET requests returns a duplicate header vary: Accept-Encoding – this confuses some CDNs. Requests with invalid Authorization Header have only one vary Header.

Steps to Reproduce

curl -v 'https://api.qa.foo.gg/graphql' \
  -H 'accept: application/json' \
  --data-raw '{"query":"{__type(name: \"Query\"){description}}"}'

or

curl -v  --request GET \                                                                                          
  --url 'https://api.qa.foo.gg/graphql?extensions=%7B%22persistedQuery%22%3A%7B%22version%22%3A1%2C%22sha256Hash%22%3A%2237461f04cf200ba3b298e564243b13236c00aa39e36152d69d6b436b62eb4229%22%7D%7D&variables=%7B%22menuName%22%3A%22XprhCFA5TJaTgFft9765Kg%22%7D' \
  --header 'Authorization: Bearer eyJhb…' \
  --header 'graphql-client-name:  foo-android'

Expected Result

…
* Request completely sent off
< HTTP/2 200 
< date: Mon, 09 Mar 2026 16:34:34 GMT
< content-type: application/json; charset=utf-8
< content-length: 1247
< vary: Accept-Encoding
< x-authenticated-by: jwks
< 
{"data": …}

Actual Result

…
* Request completely sent off
< HTTP/2 200 
< date: Mon, 09 Mar 2026 16:34:34 GMT
< content-type: application/json; charset=utf-8
< content-length: 1247
< vary: Accept-Encoding
< vary: Accept-Encoding
< x-authenticated-by: jwks
< 
{"data": …}

Environment information

No response

Router configuration

Router execution config

Log output

Additional context

No response

[github-actions]

WunderGraph commits fully to Open Source and we want to make sure that we can help you as fast as possible.
The roadmap is driven by our customers and we have to prioritize issues that are important to them.
You can influence the priority by becoming a customer. Please contact us here.

[flo-skw]

Any news here?