diff --git a/web/src/main/java/cn/jlw/filter/CorsFilter.java b/web/src/main/java/cn/jlw/filter/CorsFilter.java
index 580a3639..9ad365a4 100644
--- a/web/src/main/java/cn/jlw/filter/CorsFilter.java
+++ b/web/src/main/java/cn/jlw/filter/CorsFilter.java
@@ -5,6 +5,8 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import javax.servlet.*;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.annotation.WebInitParam;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
@@ -14,13 +16,12 @@ import java.util.List;
 //cors跨域处理
 
 //TODO 方便调试，allowOrigin暂时适用*,之后改为前端地址
-//@WebFilter(filterName = "corsFilter", urlPatterns = "/*",
-//        initParams = {@WebInitParam(name = "allowOrigin", value = "*"),
-//                @WebInitParam(name = "allowMethods", value = "GET,POST,PUT,DELETE,OPTIONS"),
-//                @WebInitParam(name = "allowCredentials", value = "true"),
-//                @WebInitParam(name = "allowHeaders", value = "Content-Type,X-Token,token,isWx,_sign"),
-//})
-
+@WebFilter(filterName = "corsFilter", urlPatterns = "/*",
+        initParams = {@WebInitParam(name = "allowOrigin", value = "*"),
+                @WebInitParam(name = "allowMethods", value = "GET,POST,PUT,DELETE,OPTIONS"),
+                @WebInitParam(name = "allowCredentials", value = "true"),
+                @WebInitParam(name = "allowHeaders", value = "Content-Type,X-Token,token,isWx,_sign,_role_tag"),
+})
 public class CorsFilter implements Filter {
 
     private final Log log = LogFactory.getLog(this.getClass());
diff --git a/web/src/main/java/cn/jlw/filter/TokenAuthorFilter.java b/web/src/main/java/cn/jlw/filter/TokenAuthorFilter.java
index 353e8697..1efbc294 100644
--- a/web/src/main/java/cn/jlw/filter/TokenAuthorFilter.java
+++ b/web/src/main/java/cn/jlw/filter/TokenAuthorFilter.java
@@ -1,53 +1,53 @@
-package cn.jlw.filter;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.servlet.*;
-import javax.servlet.annotation.WebFilter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
- 
-/**
- * 请求的基本过滤器 预处理请求头
- *
- * @author mlx
- */
-@WebFilter(urlPatterns = {"/*"}, filterName = "tokenAuthorFilter")
-public class TokenAuthorFilter implements Filter {
- 
-    private static final Logger LOG = LoggerFactory.getLogger(TokenAuthorFilter.class);
- 
-    @Override
-    public void destroy() {
- 
-    }
- 
-    @Override
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
- 
-        HttpServletRequest req = (HttpServletRequest) request;
-        HttpServletResponse rep = (HttpServletResponse) response;
-
-        rep.setHeader("Access-Control-Allow-Origin",  req.getHeader("Origin"));
-        rep.setHeader("Access-Control-Allow-Credentials", "true");
-        rep.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, PATCH");
-        rep.setHeader("Access-Control-Max-Age", "0");
-        rep.setHeader("Access-Control-Allow-Headers", "token, Origin, X-Requested-With, Content-Type, Accept");
-        rep.setCharacterEncoding("UTF-8");
- 
-        //谷歌浏览器需要以下设置才能保证下一次请求会携带cookie
-        if(rep.getHeader("Set-Cookie") != null){
-            rep.setHeader("Set-Cookie",rep.getHeader("Set-Cookie")+"; Secure=true; Samesite=none");
-        }
-        chain.doFilter(req, rep);
- 
-    }
- 
-    @Override
-    public void init(FilterConfig arg0) throws ServletException {
- 
-    }
- 
-}
\ No newline at end of file
+//package cn.jlw.filter;
+//
+//import org.slf4j.Logger;
+//import org.slf4j.LoggerFactory;
+//
+//import javax.servlet.*;
+//import javax.servlet.annotation.WebFilter;
+//import javax.servlet.http.HttpServletRequest;
+//import javax.servlet.http.HttpServletResponse;
+//import java.io.IOException;
+//
+///**
+// * 请求的基本过滤器 预处理请求头
+// *
+// * @author mlx
+// */
+//@WebFilter(urlPatterns = {"/*"}, filterName = "tokenAuthorFilter")
+//public class TokenAuthorFilter implements Filter {
+//
+//    private static final Logger LOG = LoggerFactory.getLogger(TokenAuthorFilter.class);
+//
+//    @Override
+//    public void destroy() {
+//
+//    }
+//
+//    @Override
+//    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+//
+//        HttpServletRequest req = (HttpServletRequest) request;
+//        HttpServletResponse rep = (HttpServletResponse) response;
+//
+//        rep.setHeader("Access-Control-Allow-Origin",  req.getHeader("Origin"));
+//        rep.setHeader("Access-Control-Allow-Credentials", "true");
+//        rep.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, PATCH");
+//        rep.setHeader("Access-Control-Max-Age", "0");
+//        rep.setHeader("Access-Control-Allow-Headers", "token, Origin, X-Requested-With, Content-Type, Accept");
+//        rep.setCharacterEncoding("UTF-8");
+//
+//        //谷歌浏览器需要以下设置才能保证下一次请求会携带cookie
+//        if(rep.getHeader("Set-Cookie") != null){
+//            rep.setHeader("Set-Cookie",rep.getHeader("Set-Cookie")+"; Secure=true; Samesite=none");
+//        }
+//        chain.doFilter(req, rep);
+//
+//    }
+//
+//    @Override
+//    public void init(FilterConfig arg0) throws ServletException {
+//
+//    }
+//
+//}
\ No newline at end of file