
fix: cors blocks avatar display #160

Merged: timerring merged 1 commit into main from dev on Feb 7, 2026


@timerring
Member

Summary

This PR fixes CORS (Cross-Origin Resource Sharing) issues that were blocking avatar image display on Weibo and Sspai platforms, and adds support for today's headline (Toutiao) content synchronization. Additionally, it updates multiple platform authentication APIs to use more reliable endpoints.

Related Issue

Closes #159

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Performance improvement
  • Code refactoring
  • Other (please describe):

Changes Made

  • Added declarativeNetRequest permission to manifest for handling CORS requests
  • Added host permissions for https://*.sinaimg.cn/* (Weibo image CDN) to fix avatar display
  • Added host permissions for https://cdnfile.sspai.com/* (Sspai CDN) to fix avatar display
  • Implemented complete Toutiao (头条号) content synchronization with ProseMirror editor support
  • Updated multiple platform authentication APIs to more reliable endpoints (Wechat, Toutiao, Baijia, Sspai, Sohu, Bilibili, Douyin)
  • Added loginUrl field for Sspai platform configuration
  • Refactored content.js with improved code formatting and structure

Implementation Details

Key Changes:

  1. CORS Blocking Fix: Added Chrome's declarativeNetRequest permission which allows the extension to modify network request headers to bypass CORS restrictions for avatar images from third-party CDNs (Weibo's sinaimg.cn and Sspai's cdnfile.sspai.com).

  2. Toutiao Synchronization: Implemented a complete sync handler (syncToutiaoContent) that properly handles Toutiao's ProseMirror-based rich text editor. The implementation includes:

    • Custom waitForElement function with MutationObserver for robust element detection
    • Native DOM manipulation to work with ProseMirror's virtual DOM
    • Proper event dispatching to trigger ProseMirror's change detection
    • Execution in MAIN world context to access page variables
  3. API Endpoint Updates: Migrated several platform authentication checks to more stable API endpoints that provide better reliability and richer user information (username + avatar).

Technical Notes:

  • The declarativeNetRequest permission is used instead of webRequest for better performance and compatibility with Manifest V3
  • Toutiao content filling uses document.execCommand('insertHTML') which is ProseMirror-compatible
  • Code formatting improvements include consistent spacing around operators and function parameters
  • Background.js changes (461 additions/14 deletions) primarily consist of similar refactoring improvements

Testing

Testing Checklist

  • I have tested this code locally
  • All existing tests pass
  • I have added tests for new functionality
  • I have tested on the affected platform(s)
  • I have verified the changes work in the target browser(s)

Manual Testing Steps

  1. Install the extension with updated permissions
  2. Navigate to Weibo or Sspai platform and verify avatar images load correctly
  3. Open Toutiao publishing page (https://mp.toutiao.com)
  4. Sync content from another platform to Toutiao and verify title and body are filled correctly
  5. Verify login detection works for all updated platforms (Wechat, Baijia, Bilibili, etc.)

Screenshots/Videos

N/A - This is primarily a backend/API fix. Visual changes are limited to previously broken avatars now displaying correctly.

Reviewer Checklist

  • Code follows the project's style guidelines
  • Changes are well-documented
  • No breaking changes or clearly documented if present
  • Security implications have been considered
  • Performance impact has been evaluated
  • All discussions have been resolved

Additional Notes

The declarativeNetRequest permission requires user approval during extension installation/update. Users will see a permission prompt indicating the extension can "Block content on any page" - this is standard Chrome permission language for this API and is necessary to fix the CORS avatar loading issue.
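A reviewer checking the "security implications" item could audit the extension's header-rewriting rules with something like the following, an added example that is not part of the PR or the project's code. The allowlist comes from the two host permissions listed above; the function names and the sample rules are hypothetical and constructed for illustration.

```javascript
// Added example, not the extension's code: audit declarativeNetRequest rules so
// header rewriting stays confined to the avatar CDNs named in the PR.
const ALLOWED_DOMAINS = ['sinaimg.cn', 'cdnfile.sspai.com'];
const ALLOWED_TYPES = ['image'];
const CREDENTIAL_HEADERS = ['cookie', 'set-cookie', 'authorization'];
// True when `domain` is an allowed host or a subdomain of one.
function domainAllowed(domain) {
  const d = String(domain).toLowerCase();
  return ALLOWED_DOMAINS.some((a) => d === a || d.endsWith('.' + a));
}

// Findings for one rule; an empty array means the rule is narrowly scoped.
function auditRule(rule) {
  const findings = [];
  const action = rule.action || {};
  const cond = rule.condition || {};
  if (action.type !== 'modifyHeaders') return findings; // only header rewrites are audited
  const domains = cond.requestDomains || [];
  if (domains.length === 0) findings.push('no requestDomains: rule matches every permitted host');
  for (const d of domains) if (!domainAllowed(d)) findings.push(`unexpected request domain: ${d}`);
  const types = cond.resourceTypes || [];
  if (types.length === 0 || types.some((t) => !ALLOWED_TYPES.includes(t))) {
    findings.push('resourceTypes not limited to image');
  }
  const headers = [...(action.requestHeaders || []), ...(action.responseHeaders || [])];
  for (const h of headers) {
    const name = String(h.header).toLowerCase();
    if (CREDENTIAL_HEADERS.includes(name) && h.operation !== 'remove') {
      findings.push(`credential header rewritten: ${name}`);
    }
  }
  return findings;
}

// Returns only the rules that produced findings.
function auditRules(rules) {
  return rules.map((r) => ({ id: r.id, findings: auditRule(r) }))
    .filter((r) => r.findings.length > 0);
}

// Constructed sample rules (hypothetical; not taken from the extension's rule set).
const acao = { header: 'Access-Control-Allow-Origin', operation: 'set', value: '*' };
const action = { type: 'modifyHeaders', responseHeaders: [acao] };
const sampleRules = [
  { id: 1, priority: 1, action, condition: { requestDomains: ['sinaimg.cn'], resourceTypes: ['image'] } },
  { id: 2, priority: 1, action, condition: { resourceTypes: ['image', 'xmlhttprequest'] } },
  { id: 3, priority: 1, action, condition: { requestDomains: ['notsinaimg.cn'], resourceTypes: ['image'] } },
];
console.log(JSON.stringify(auditRules(sampleRules), null, 2));
```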

@timerring self-assigned this Feb 7, 2026
@timerring added the enhancement (New feature or request) label Feb 7, 2026
Member Author

@timerring left a comment


LGTM

@timerring merged commit f37b256 into main Feb 7, 2026
@timerring deleted the dev branch February 7, 2026 10:32

Development

Successfully merging this pull request may close these issues.

[Bug]: ORB (Opaque Response Blocking) Prevents Avatar Image Loading
