diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 90151efca..ac53343b5 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -24,15 +24,19 @@ class ApplicationController < ActionController::Base
 	# 所有请求必须合法签名
 	def check_sign
 		Rails.logger.info("66666  #{params}")
-		if params[:client_key].present?
-			randomcode = params[:randomcode]
-			tip_exception(501, "请求不合理") unless (Time.now.to_i - randomcode.to_i).between?(0,5)
-
-			sign = Digest::MD5.hexdigest("#{OPENKEY}#{randomcode}")
-			Rails.logger.info("2222  #{sign}")
-			tip_exception(501, "请求不合理") if sign != params[:client_key]
-		else
-			tip_exception(501, "请求不合理")
+		suffix = request.url.split(".").last
+		suffix_arr = ["xls", "xlsx"] # excel文件先注释
+		unless suffix_arr.include?(suffix)
+			if params[:client_key].present?
+				randomcode = params[:randomcode]
+				tip_exception(501, "请求不合理") unless (Time.now.to_i - randomcode.to_i).between?(0,5)
+
+				sign = Digest::MD5.hexdigest("#{OPENKEY}#{randomcode}")
+				Rails.logger.info("2222  #{sign}")
+				tip_exception(501, "请求不合理") if sign != params[:client_key]
+			else
+				tip_exception(501, "请求不合理")
+			end
 		end
 	end
 
diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index 46fa024db..e0dd71467 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -5,7 +5,7 @@ class AttachmentsController < ApplicationController
   before_action :require_login, :check_auth, except: [:show]
   before_action :find_file, only: %i[show destroy]
   before_action :attachment_candown, only: [:show]
-  skip_before_action :check_sign, only: [:show]
+  skip_before_action :check_sign, only: [:show, :create]
 
   include ApplicationHelper