fix: baiducloud intercept#197

Merged
timerring merged 1 commit into main from dev
Feb 18, 2026
@timerring
Member

Summary

This PR implements a three-layered defense mechanism to prevent Baidu Qianfan editor from being redirected to the login page during the sync process.

Related Issue

N/A

Type of Change

  • Bug fix (non-breaking change that fixes an issue)

Implementation Details

Problem

The Qianfan editor has an auto-save mechanism that automatically triggers POST requests to /api/community/topic when content changes. This API is intercepted by OpenRASP WAF, returning success: false, status: 302. When the frontend receives this response, it redirects to the login page via window.location.href, causing sync failure.

Attempted Solutions

  1. JS-layer fetch/XHR interception: Failed because page scripts got the original reference before our code
  2. Content script injection at document_start: Intercepted fetch but could not block location.href assignment
  3. declarativeNetRequest to block POST directly: Caused the tab to fail loading completely
  4. chrome.debugger: Failed silently

Final Solution - Three-Layered Defense

  1. Network Layer (declarativeNetRequest): Block navigation from Qianfan domain to login.bce.baidu.com - this is the most reliable layer
  2. JS Layer (Navigation API): Use e.preventDefault() to intercept login page redirects triggered by JavaScript
  3. API Layer (fetch interception): Intercept auto-save requests and return a fake success response to prevent error triggers

Key Changes

  • Added qianfanIntercept function to intercept fetch/XHR/sendBeacon/location assignments and Navigation API events
  • Dynamically injected the intercept script into MAIN world with injectImmediately: true for early execution
  • Added declarativeNetRequest dynamic rule to block navigation to login pages from Qianfan domain
  • Added tab URL change listener as a fallback to redirect back to the editor if login page is accessed

Technical Notes

  • The intercept script runs in MAIN world to access the original fetch/XHR before page scripts
  • Uses Navigation API (modern browser feature) to intercept programmatic navigation
  • Fallback to History API interception for additional protection
  • All three layers work together to ensure robust protection against unwanted redirects

Testing

Testing Checklist

  • I have tested this code locally
  • All existing tests pass
  • I have tested on the affected platform(s)

Manual Testing Steps

  1. Open Baidu Qianfan editor with COSE extension
  2. Write content and wait for auto-save to trigger
  3. Verify that the page does not redirect to login
  4. Verify that content sync completes successfully

Reviewer Checklist

  • Code follows the project's style guidelines
  • Changes are well-documented
  • No breaking changes or clearly documented if present
  • Security implications have been considered
  • Performance impact has been evaluated

@timerring timerring self-assigned this Feb 18, 2026
@timerring timerring added the enhancement label Feb 18, 2026
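
The network-layer rule and the Navigation API handler described in the PR summary, sketched as an added example that is not the project's own code, with both layers scoped to an exact host match so that look-alike URLs are left alone. `EDITOR_HOST`, `RULE_ID` and the function names are assumptions; the page names only `login.bce.baidu.com`.

```javascript
// Added example, not code from PR #197.
const LOGIN_HOST = 'login.bce.baidu.com';     // host named in the PR description
const EDITOR_HOST = 'qianfan-editor.example'; // placeholder: page gives no editor host
const RULE_ID = 1970;                         // constructed rule id

// Layer 1: block only top-level navigations that the editor origin starts
// toward the login host. Both domain keys match host names, not URL substrings.
function buildLoginBlockRule() {
  return {
    id: RULE_ID,
    priority: 1,
    action: { type: 'block' },
    condition: {
      requestDomains: [LOGIN_HOST],
      initiatorDomains: [EDITOR_HOST],
      resourceTypes: ['main_frame'],
    },
  };
}

// Exact-host check for the JS layer. Parsing with URL() avoids treating
// "login.bce.baidu.com.other.example" or "?next=login.bce.baidu.com" as a match.
function isLoginRedirect(destination, base = `https://${EDITOR_HOST}/`) {
  let url;
  try { url = new URL(destination, base); } catch { return false; }
  return /^https?:$/.test(url.protocol) && url.hostname === LOGIN_HOST;
}

// Layer 2: Navigation API handler; returns true when it cancelled the navigation.
function onNavigate(event) {
  if (!event.cancelable || !isLoginRedirect(event.destination.url)) return false;
  event.preventDefault();
  return true;
}

// Wiring. The rule belongs in the extension's service worker and the listener
// in the MAIN-world script; the guards let this file load in either, or in Node.
if (typeof chrome !== 'undefined' && chrome.declarativeNetRequest) {
  chrome.declarativeNetRequest.updateDynamicRules({
    removeRuleIds: [RULE_ID],
    addRules: [buildLoginBlockRule()],
  });
}
if (typeof navigation !== 'undefined') {
  navigation.addEventListener('navigate', onNavigate);
}
```
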
Member Author

@timerring timerring left a comment

LGTM

@timerring timerring merged commit ed66b2b into main Feb 18, 2026
@timerring timerring deleted the dev branch February 18, 2026 13:20