From 4d8e34e08e1480c499470381254e882e8791d597 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=BA=8C=E5=8F=89=E6=A0=91=E6=A0=91?=
Date: Mon, 5 Jan 2026 12:49:58 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E6=9B=B4=E6=96=B0=E8=84=9A=E6=9C=AC?= =?UTF-8?q?=E5=92=8CCSP=E4=B8=AD=E7=9A=84=E5=9F=9F=E5=90=8D=E4=BB=8Eacofor?= =?UTF-8?q?k.com=E5=88=B02x.nz?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/config.ts | 4 ++--
 src/content/posts/swup-js.md | 4 ++--
 src/layouts/Layout.astro | 6 +++---
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/config.ts b/src/config.ts
index 3d13deb74..a935e38ea 100644
--- a/src/config.ts
+++ b/src/config.ts
@@ -78,7 +78,7 @@ export const navBarConfig: NavBarConfig = {
 },
 {
 name: "统计",
- url: "https://umami.acofork.com/share/CdkXbGgZr6ECKOyK", // Internal links should not include the base path, as it is automatically added
+ url: "https://umami.2x.nz/share/CdkXbGgZr6ECKOyK", // Internal links should not include the base path, as it is automatically added
 external: true, // Show an external link icon and will open in a new tab
 },
 {
@@ -121,7 +121,7 @@ export const imageFallbackConfig: ImageFallbackConfig = {
 export const umamiConfig: UmamiConfig = {
 enable: true,
- baseUrl: "https://umami.acofork.com",
+ baseUrl: "https://umami.2x.nz",
 shareId: "CdkXbGgZr6ECKOyK",
 timezone: "Asia/Shanghai",
 };
diff --git a/src/content/posts/swup-js.md b/src/content/posts/swup-js.md
index b75af8775..3d9937f80 100644
--- a/src/content/posts/swup-js.md
+++ b/src/content/posts/swup-js.md
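Review bot: In src/config.ts the Umami origin is still written out twice, once in the `navBarConfig` entry's `url` (first hunk) and once in `umamiConfig.baseUrl` (second hunk), so the next domain move can update one and miss the other. Because `umamiConfig` is declared below `navBarConfig`, a shared constant above both is needed, for example `const UMAMI_ORIGIN = "https://umami.2x.nz";` used as `url: UMAMI_ORIGIN + "/share/CdkXbGgZr6ECKOyK"` and `baseUrl: UMAMI_ORIGIN`. The commit subject says the CSP is updated as well, but that hunk's markup is not legible on this page, so it is worth confirming that the policy lists the new origin and no longer lists umami.acofork.com; a stale allow-list entry keeps trusting a host the site has stopped using. Both declarations begin or end outside the hunks shown.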
@@ -32,8 +32,8 @@ lang: "" 我们只看Umami请求: - https://cloud.umami.is/script.js :Umami官方的全局JS,注入在所有页面中,用于后续将访客行为告知给Umami - http://localhost:4321/js/umami-share.js :之前写的中间件,用于避免多次请求Umami拿全局Token -- https://umami.acofork.com/analytics/us/api/websites/5d710dbd-3a2e-43e3-a553-97b415090c63/stats?startAt=0&endAt=1763429011353&unit=hour&timezone=Asia%2FShanghai&compare=false :获取全站统计信息。为什么在文章页也会获取全站统计?因为全站统计被安放在用户配置块,而用户配置块全局可见 -- https://umami.acofork.com/analytics/us/api/websites/5d710dbd-3a2e-43e3-a553-97b415090c63/stats?startAt=0&endAt=1763429243350&unit=hour&timezone=Asia%2FShanghai&path=eq.%2Fposts%2Fswup-js%2F&compare=false :获取本页统计信息 +- https://umami.2x.nz/analytics/us/api/websites/5d710dbd-3a2e-43e3-a553-97b415090c63/stats?startAt=0&endAt=1763429011353&unit=hour&timezone=Asia%2FShanghai&compare=false :获取全站统计信息。为什么在文章页也会获取全站统计?因为全站统计被安放在用户配置块,而用户配置块全局可见 +- https://umami.2x.nz/analytics/us/api/websites/5d710dbd-3a2e-43e3-a553-97b415090c63/stats?startAt=0&endAt=1763429243350&unit=hour&timezone=Asia%2FShanghai&path=eq.%2Fposts%2Fswup-js%2F&compare=false :获取本页统计信息 - 两个预检:由于CORS,请求源和被请求源不一致,这是浏览器自带的安全策略,实际顺序为 先预检(我不属于你?我能不能访问你?) - 再fetch(我允许你,访问吧) 。题外话:为什么需要预检?因为浏览器要确保该请求是对方明确允许的,而不是恶意网站强行访问的,否则会触发 **CSRF** 攻击,也就是对端源安全策略过于宽松,导致谁都能拿到信息,这些信息可能是敏感的(如登录Token,用户名与密码等) - https://api-gateway.umami.dev/api/send :Umami的官方JS,用于将本次访问的行为汇报给Umami diff --git a/src/layouts/Layout.astro b/src/layouts/Layout.astro index e8fad6980..c3060573d 100644 --- a/src/layouts/Layout.astro +++ b/src/layouts/Layout.astro @@ -115,12 +115,12 @@ const bannerOffset = - + {/* - */} + */} {favicons.map(favicon => ( - + {/* - Umami分析(云-备用) */}