diff --git a/web/src/main/java/cn/jlw/cors/CorsFilter.java b/web/src/main/java/cn/jlw/cors/CorsFilter.java index d69c4a53..8d1eb3b2 100644 --- a/web/src/main/java/cn/jlw/cors/CorsFilter.java +++ b/web/src/main/java/cn/jlw/cors/CorsFilter.java @@ -5,8 +5,6 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import javax.servlet.*; -import javax.servlet.annotation.WebFilter; -import javax.servlet.annotation.WebInitParam; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; @@ -16,12 +14,12 @@ import java.util.List; //cors跨域处理 //TODO 方便调试,allowOrigin暂时适用*,之后改为前端地址 -@WebFilter(filterName = "corsFilter", urlPatterns = "/*", - initParams = {@WebInitParam(name = "allowOrigin", value = "*"), - @WebInitParam(name = "allowMethods", value = "GET,POST,PUT,DELETE,OPTIONS"), - @WebInitParam(name = "allowCredentials", value = "true"), - @WebInitParam(name = "allowHeaders", value = "Content-Type,X-Token,token,isWx,_sign"), -}) +//@WebFilter(filterName = "corsFilter", urlPatterns = "/*", +// initParams = {@WebInitParam(name = "allowOrigin", value = "*"), +// @WebInitParam(name = "allowMethods", value = "GET,POST,PUT,DELETE,OPTIONS"), +// @WebInitParam(name = "allowCredentials", value = "true"), +// @WebInitParam(name = "allowHeaders", value = "Content-Type,X-Token,token,isWx,_sign"), +//}) public class CorsFilter implements Filter { diff --git a/web/src/main/java/cn/jlw/cors/TokenAuthorFilter.java b/web/src/main/java/cn/jlw/cors/TokenAuthorFilter.java new file mode 100644 index 00000000..db0ca6e3 --- /dev/null +++ b/web/src/main/java/cn/jlw/cors/TokenAuthorFilter.java 
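Review bot: The `@WebFilter` registration on `CorsFilter` is commented out rather than deleted, and the TODO above it still describes an `allowOrigin` of `*` that is no longer in force. Remove the six commented lines and reword the TODO, for example `//TODO restrict allowed origins to the front-end address`, so the file does not describe a CORS policy that is not applied. If nothing else registers the class it is presumably dead code and could be deleted outright. The class body continues outside this hunk.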
@@ -0,0 +1,55 @@
+package cn.jlw.cors;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.servlet.*;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+
+/**
+ * 请求的基本过滤器 预处理请求头
+ *
+ * @author mlx
+ */
+@WebFilter(urlPatterns = {"/*"}, filterName = "tokenAuthorFilter")
+public class TokenAuthorFilter implements Filter {
+
+ private static Logger LOG = LoggerFactory.getLogger(TokenAuthorFilter.class);
+
+ @Override
+ public void destroy() {
+
+ }
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+
+ HttpServletRequest req = (HttpServletRequest) request;
+ HttpServletResponse rep = (HttpServletResponse) response;
+ HttpSession session = req.getSession();
+
+ rep.setHeader("Access-Control-Allow-Origin", req.getHeader("Origin"));
+ rep.setHeader("Access-Control-Allow-Credentials", "true");
+ rep.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, PATCH");
+ rep.setHeader("Access-Control-Max-Age", "0");
+ rep.setHeader("Access-Control-Allow-Headers", "token, Origin, X-Requested-With, Content-Type, Accept");
+ rep.setCharacterEncoding("UTF-8");
+
+ //谷歌浏览器需要以下设置才能保证下一次请求会携带cookie
+ if(rep.getHeader("Set-Cookie") != null){
+ rep.setHeader("Set-Cookie",rep.getHeader("Set-Cookie")+"; Secure=true; Samesite=none");
+ }
+ chain.doFilter(req, rep);
+
+ }
+
+ @Override
+ public void init(FilterConfig arg0) throws ServletException {
+
+ }
+
+}
\ No newline at end of file
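Review bot: The `Access-Control-Allow-Origin` value in `doFilter` is copied straight from the request's `Origin` header while `Access-Control-Allow-Credentials` is `true`, so every site is treated as a trusted origin for cookie-bearing requests and can read the responses. That is wider than the `*` setting the old filter's TODO meant to narrow, because browsers refuse `*` together with credentials. Compare the header against a configured set of front-end origins and emit the CORS headers, plus `Vary: Origin`, only on a match, as sketched below, where `allowedOrigins` stands for that configured set. Separately, `req.getSession()` creates a session on every request and its result is never used. The `Set-Cookie` rewrite also keeps only the first cookie, since `getHeader` returns one value and `setHeader` replaces them all, and the standard spelling of the appended attributes is `Secure; SameSite=None`.

```java
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        // … unchanged: casts to HttpServletRequest / HttpServletResponse …
        String origin = req.getHeader("Origin");
        // allowedOrigins: exact front-end origins from configuration, never derived from the request
        if (origin != null && allowedOrigins.contains(origin)) {
            rep.setHeader("Access-Control-Allow-Origin", origin);
            rep.setHeader("Access-Control-Allow-Credentials", "true");
            // caches must not reuse a response across origins
            rep.addHeader("Vary", "Origin");
            // … unchanged: Allow-Methods, Max-Age, Allow-Headers …
        }
        // … unchanged: character encoding, Set-Cookie handling, chain.doFilter …
```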