Merge branch 'release/4.9.0' of https://github.com/tangly1024/NotionNext into release/4.9.0

Author: tangly1024

lib/notion/mapImage.js

@@ -123,16 +123,20 @@ const compressImage = (image, width, quality = 50, fmt = 'webp') => {
   let urlObj
   let params
   try {
-    // 将URL解析为一个对象
     urlObj = new URL(image)
-    // 获取URL参数
     params = new URLSearchParams(urlObj.search)
   } catch (err) {
-    // 捕获异常并打印错误的url
-    console.error('compressImage: Invalid URL:', image, err)
-    return image
+    // 如果解析失败，尝试 decodeURIComponent 再解析
+    try {
+      const decoded = decodeURIComponent(image)
+      urlObj = new URL(decoded)
+      params = new URLSearchParams(urlObj.search)
+    } catch (e) {
+      console.error('compressImage: Invalid URL:', image, err)
+      return image
+    }
   }
-
+  
   // Notion图床
   if (
     image.indexOf(BLOG.NOTION_HOST) === 0 &&

next.config.js

@@ -207,64 +207,68 @@ const nextConfig = {
           {
             source: '/:path*{/}?',
             headers: [
-              // 安全头部
-              { key: 'X-Frame-Options', value: 'DENY' },
-              { key: 'X-Content-Type-Options', value: 'nosniff' },
-              { key: 'X-XSS-Protection', value: '1; mode=block' },
-              { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
-              { key: 'Permissions-Policy', value: 'camera=(), microphone=(), geolocation=()' },
-              {
-                key: 'Strict-Transport-Security',
-                value: 'max-age=31536000; includeSubDomains; preload'
-              },
-              {
-                key: 'Content-Security-Policy',
-                value: [
-                  "default-src 'self'",
-                  "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com",
-                  "style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com",
-                  "img-src 'self' data: blob: *.notion.so *.unsplash.com *.githubusercontent.com *.gravatar.com",
-                  "font-src 'self' *.googleapis.com *.gstatic.com",
-                  "connect-src 'self' *.google-analytics.com *.googletagmanager.com",
-                  "frame-src 'self' *.youtube.com *.vimeo.com",
-                  "object-src 'none'",
-                  "base-uri 'self'",
-                  "form-action 'self'"
-                ].join('; ')
-              },
-
-              // CORS 配置（更严格）
-              { key: 'Access-Control-Allow-Credentials', value: 'false' },
-              {
-                key: 'Access-Control-Allow-Origin',
-                value: process.env.NODE_ENV === 'production'
-                  ? siteConfig('LINK') || 'https://yourdomain.com'
-                  : '*'
-              },
+              // 为了博客兼容性，不做过多安全限制
+              { key: 'Access-Control-Allow-Credentials', value: 'true' },
+              { key: 'Access-Control-Allow-Origin', value: '*' },
               {
                 key: 'Access-Control-Allow-Methods',
-                value: 'GET,OPTIONS,HEAD'
+                value: 'GET,OPTIONS,PATCH,DELETE,POST,PUT'
               },
               {
                 key: 'Access-Control-Allow-Headers',
-                value: 'Accept, Accept-Version, Content-Length, Content-Type, Date'
-              },
-              { key: 'Access-Control-Max-Age', value: '86400' }
-            ]
-          },
-          {
-            source: '/api/:path*',
-            headers: [
-              // API 特定的安全头部
-              { key: 'X-Frame-Options', value: 'DENY' },
-              { key: 'X-Content-Type-Options', value: 'nosniff' },
-              { key: 'Cache-Control', value: 'no-store, max-age=0' },
-              {
-                key: 'Access-Control-Allow-Methods',
-                value: 'GET,POST,PUT,DELETE,OPTIONS'
+                value:
+                  'X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version'
               }
+              // 安全头部 相关配置，谨慎开启
+            //   { key: 'X-Frame-Options', value: 'DENY' },
+            //   { key: 'X-Content-Type-Options', value: 'nosniff' },
+            //   { key: 'X-XSS-Protection', value: '1; mode=block' },
+            //   { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
+            //   { key: 'Permissions-Policy', value: 'camera=(), microphone=(), geolocation=()' },
+            //   {
+            //     key: 'Strict-Transport-Security',
+            //     value: 'max-age=31536000; includeSubDomains; preload'
+            //   },
+            //   {
+            //     key: 'Content-Security-Policy',
+            //     value: [
+            //       "default-src 'self'",
+            //       "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com",
+            //       "style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com",
+            //       "img-src 'self' data: blob: *.notion.so *.unsplash.com *.githubusercontent.com *.gravatar.com",
+            //       "font-src 'self' *.googleapis.com *.gstatic.com",
+            //       "connect-src 'self' *.google-analytics.com *.googletagmanager.com",
+            //       "frame-src 'self' *.youtube.com *.vimeo.com",
+            //       "object-src 'none'",
+            //       "base-uri 'self'",
+            //       "form-action 'self'"
+            //     ].join('; ')
+            //   },
+
+            //   // CORS 配置（更严格）
+            //   { key: 'Access-Control-Allow-Credentials', value: 'false' },
+            //   {
+            //     key: 'Access-Control-Allow-Origin',
+            //     value: process.env.NODE_ENV === 'production'
+            //       ? siteConfig('LINK') || 'https://yourdomain.com'
+            //       : '*'
+            //   },
+            //   { key: 'Access-Control-Max-Age', value: '86400' }
             ]
-          }
+          },
+            //   {
+            //     source: '/api/:path*',
+            //     headers: [
+            //       // API 特定的安全头部
+            //       { key: 'X-Frame-Options', value: 'DENY' },
+            //       { key: 'X-Content-Type-Options', value: 'nosniff' },
+            //       { key: 'Cache-Control', value: 'no-store, max-age=0' },
+            //       {
+            //         key: 'Access-Control-Allow-Methods',
+            //         value: 'GET,POST,PUT,DELETE,OPTIONS'
+            //       }
+            //     ]
+            //   }
         ]
       },
   webpack: (config, { dev, isServer }) => {

pages/500.js

@@ -0,0 +1,3 @@
+export default function Custom500() {
+  return <div>服务器内部错误，请稍后重试。</div>
+}

pages/_error.js

@@ -0,0 +1,7 @@
+export default function ErrorPage({ statusCode }) {
+  return <div>发生错误，状态码：{statusCode || 404}</div>
+}
+ErrorPage.getInitialProps = ({ res, err }) => {
+  const statusCode = res ? res.statusCode : err ? err.statusCode : 404
+  return { statusCode }
+}

types/index.ts

@@ -237,6 +237,6 @@ export interface EnvironmentVariables {
 }
 
 // 导出所有类型
-export * from './blog'
-export * from './notion'
-export * from './theme'
+// export * from './blog'
+// export * from './notion'
+// export * from './theme'