From 7b4ebe41f910297d3b8f49e51e80b5ed02fa1aec Mon Sep 17 00:00:00 2001
From: shigahi <masanari.higashi@classmethod.de>
Date: Tue, 10 Mar 2026 01:51:49 +0100
Subject: [PATCH] Use clean headers when fetching page content from Notion

Previously, page fetches forwarded the original request.headers
(including Host header from the custom domain) to Notion. This
caused Notion to return a login page instead of public content
for *.notion.site users.

Use explicit PAGE_FETCH_HEADERS with standard user-agent, accept,
and accept-language headers, matching the pattern already used
for API endpoint fetches.

Fixes #55

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 src/code.ts | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/code.ts b/src/code.ts
index 28ee1ab..b0002c2 100644
--- a/src/code.ts
+++ b/src/code.ts
@@ -516,6 +516,12 @@ ${
       .replace(/www\\.notion\\.so/g, MY_DOMAIN);
   }
 
+  const PAGE_FETCH_HEADERS = {
+    'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
+    'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
+    'accept-language': 'en-US,en;q=0.9'
+  };
+
   async function fetchAndApply(request) {
     if (request.method === 'OPTIONS') {
       return handleOptions(request);
@@ -630,9 +636,7 @@ ${
       const pageId = SLUG_TO_PAGE[matchedSlug];
       url.pathname = '/' + pageId;
       response = await fetch(url.toString(), {
-        body: request.body,
-        headers: request.headers,
-        method: request.method,
+        headers: PAGE_FETCH_HEADERS,
       });
       response = new Response(response.body, response);
       response.headers.delete('Content-Security-Policy');
@@ -640,9 +644,7 @@ ${
       return appendJavascript(response, SLUG_TO_PAGE, matchedSlug, url);
     } else {
       response = await fetch(url.toString(), {
-        body: request.body,
-        headers: request.headers,
-        method: request.method,
+        headers: PAGE_FETCH_HEADERS,
       });
       response = new Response(response.body, response);
       response.headers.delete('Content-Security-Policy');
@@ -654,8 +656,7 @@ ${
       const notFoundUrl = new URL(url);
       notFoundUrl.pathname = '/' + CUSTOM_404_PAGE_ID;
       const notFoundResponse = await fetch(notFoundUrl.toString(), {
-        headers: request.headers,
-        method: 'GET',
+        headers: PAGE_FETCH_HEADERS,
       });
       // Return custom 404 page content with 404 status
       response = new Response(notFoundResponse.body, {