Summary / 概述

Enhanced Baidu Qianfan platform detection by implementing CSRF token authentication from cookies and adding avatar Base64 conversion for improved reliability and security.

Related Issue / 关联 Issue

N/A

Type of Change / 更改类型

• Bug fix / 修复 Bug (non-breaking change that fixes an issue / 修复问题的非破坏性更改)
• Performance improvement / 性能优化

Changes Made / 更改内容

• Added import for convertAvatarToBase64 utility function
• Implemented CSRF token reading from bce-user-info-ct-id cookie via chrome.cookies API
• Updated API request to include csrftoken header when available
• Added avatar Base64 conversion for images hosted on bdimg.com to avoid CORS issues
• Enhanced error logging with console.log for detection start and console.error for exceptions
• Added error message field in catch block return value

Implementation Details / 实现细节

Key Changes / 主要更改:

• Changed detection strategy from "Call current user API directly" to "Read csrftoken from cookie + Call current user API with csrftoken header"
• Now reads bce-user-info-ct-id cookie from qianfan.cloud.baidu.com using chrome.cookies.get() API
• Extracts csrftoken value from cookie and removes quotes using regex replace
• Conditionally adds csrftoken to request headers using spread operator: ...(csrfToken ? { 'csrftoken': csrfToken } : {})
• Converts avatar images from bdimg.com to Base64 to prevent CORS errors
• Changed avatar variable from const to let to allow reassignment after conversion

Technical Notes / 技术说明:

• CSRF token authentication improves security and ensures API requests are properly authenticated
• Cookie-based token reading is more reliable than DOM-based methods
• Base64 avatar conversion eliminates cross-origin image loading issues
• Better error handling with structured logging provides clearer debugging information
• The csrftoken is optional - API still works without it, but includes it when available

Testing / 测试

Testing Checklist / 测试清单

• I have tested this code locally / 我已在本地测试此代码
• All existing tests pass / 所有现有测试通过
• I have tested on the affected platform(s) / 我已在受影响的平台上测试
• I have verified the changes work in the target browser(s) / 我已验证更改在目标浏览器中有效

Manual Testing Steps / 手动测试步骤

1. Login to Baidu Qianfan account on qianfan.cloud.baidu.com
2. Open the extension and trigger Qianfan detection
3. Verify that csrftoken is correctly read from cookie
4. Verify user info is correctly detected and displayed
5. Verify avatar is properly loaded as Base64 when from bdimg.com
6. Check console logs for detection flow

Screenshots/Videos / 截图/视频

N/A

Additional Notes / 补充说明

This enhancement improves the detection reliability by properly handling CSRF authentication and resolving CORS issues with avatar images. The implementation is backward compatible - the API still works without the CSRF token, but includes it when available for better security.