diff --git a/app/__init__.py b/app/__init__.py
index c08885c..0f3a85d 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -9,7 +9,7 @@ from .route.route import route_bp
 
 def create_app():
     app = Flask(__name__)
-    CORS(app)
+    CORS(app, supports_credentials=True)
     # CORS(app, resources={r"/*": {"origins": "*", "methods": "GET,POST,PUT,DELETE,OPTIONS"}})  # 允许所有源访问所有端点
     # CORS(app, resources={r"/*": {"origins": ["http://111.8.143.97", "http://113.246.243.98"]}}, supports_credentials=True)
 
@@ -30,7 +30,21 @@ def create_app():
     log_file_path = '/data/ww/py_sys_monitor/info/access_log'
 
     def log_request_response(response):
-        logging.info(f"响应头：{response.headers}")
+        # 获取请求的Origin头部
+        origin = request.headers.get('Origin')
+
+        # 设置Access-Control-Allow-Origin为请求的Origin
+        if origin:
+            response.headers.add('Access-Control-Allow-Origin', origin)
+
+        # 确保Access-Control-Allow-Credentials被设置为true
+        response.headers.add('Access-Control-Allow-Credentials', 'true')
+
+        # 添加其他需要的CORS头部
+        response.headers.add('Access-Control-Allow-Headers', 'Content-Type,Authorization')
+        response.headers.add('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS')
+
+
         response_data = response.get_json(silent=True)
 
         if "route.get_resource" == request.endpoint: