fix: strip query params from URI and remove X-Requested-With header

swagger.go

@@ -8,6 +8,7 @@ import (
 	"os"
 	"path/filepath"
 	"regexp"
+	"strings"
 
 	"github.com/labstack/echo/v4"
 	swaggerFiles "github.com/swaggo/files/v2"
@@ -142,7 +143,12 @@ func EchoWrapHandler(options ...func(*Config)) echo.HandlerFunc {
 			return c.String(http.StatusMethodNotAllowed, http.StatusText(http.StatusMethodNotAllowed))
 		}
 
-		matches := re.FindStringSubmatch(c.Request().RequestURI)
+		requestURI := c.Request().RequestURI
+		if idx := strings.Index(requestURI, "?"); idx != -1 {
+			requestURI = requestURI[:idx]
+		}
+
+		matches := re.FindStringSubmatch(requestURI)
 		path := matches[2]
 
 		switch filepath.Ext(path) {
@@ -216,7 +222,12 @@ func EchoWrapHandlerV3(options ...func(*Config)) echo.HandlerFunc {
 			return echo.NewHTTPError(http.StatusMethodNotAllowed, http.StatusText(http.StatusMethodNotAllowed))
 		}
 
-		matches := re.FindStringSubmatch(c.Request().RequestURI)
+		requestURI := c.Request().RequestURI
+		if idx := strings.Index(requestURI, "?"); idx != -1 {
+			requestURI = requestURI[:idx]
+		}
+
+		matches := re.FindStringSubmatch(requestURI)
 		path := matches[2]
 
 		switch filepath.Ext(path) {
@@ -372,7 +383,14 @@ window.onload = function() {
     plugins: [
       SwaggerUIBundle.plugins.DownloadUrl
     ],
-    layout: "StandaloneLayout"
+    layout: "StandaloneLayout",
+    requestInterceptor: (req) => {
+      if (req.headers) {
+        delete req.headers["X-Requested-With"]
+        delete req.headers["x-requested-with"]
+      }
+      return req
+    }
   })
 
   {{if .OAuth}}

swagger_test.go

@@ -243,6 +243,9 @@ func TestWrapHandler(t *testing.T) {
 	w1 := performRequest(http.MethodGet, "/index.html", router)
 	assert.Equal(t, http.StatusOK, w1.Code)
 	assert.Equal(t, w1.Header()["Content-Type"][0], "text/html; charset=utf-8")
+	body, err := io.ReadAll(w1.Body)
+	assert.NoError(t, err)
+	assert.Contains(t, string(body), "requestInterceptor")
 
 	assert.Equal(t, http.StatusInternalServerError, performRequest(http.MethodGet, "/doc.json", router).Code)
 
@@ -279,6 +282,16 @@ func TestWrapHandler(t *testing.T) {
 
 }
 
+func TestWrapHandlerOAuthRedirect(t *testing.T) {
+	router := echo.New()
+
+	router.Any("/*", EchoWrapHandler())
+
+	w := performRequest(http.MethodGet, "/oauth2-redirect.html?code=abc123&state=xyz", router)
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Equal(t, "text/html; charset=utf-8", w.Header().Get("Content-Type"))
+}
+
 func TestWrapHandlerV3(t *testing.T) {
 	router := echo.New()
 
@@ -287,6 +300,9 @@ func TestWrapHandlerV3(t *testing.T) {
 	w1 := performRequest(http.MethodGet, "/index.html", router)
 	assert.Equal(t, http.StatusOK, w1.Code)
 	assert.Equal(t, w1.Header()["Content-Type"][0], "text/html; charset=utf-8")
+	body, err := io.ReadAll(w1.Body)
+	assert.NoError(t, err)
+	assert.Contains(t, string(body), "requestInterceptor")
 
 	assert.Equal(t, http.StatusInternalServerError, performRequest(http.MethodGet, "/doc.json", router).Code)
 
@@ -323,6 +339,16 @@ func TestWrapHandlerV3(t *testing.T) {
 
 }
 
+func TestWrapHandlerV3OAuthRedirect(t *testing.T) {
+	router := echo.New()
+
+	router.Any("/*", EchoWrapHandlerV3())
+
+	w := performRequest(http.MethodGet, "/oauth2-redirect.html?code=abc123&state=xyz", router)
+	assert.Equal(t, http.StatusOK, w.Code)
+	assert.Equal(t, "text/html; charset=utf-8", w.Header().Get("Content-Type"))
+}
+
 func TestConfig(t *testing.T) {
 	router := echo.New()