diff --git a/biji-houdaun/src/main/java/com/test/bijihoudaun/config/SecurityConfig.java b/biji-houdaun/src/main/java/com/test/bijihoudaun/config/SecurityConfig.java
index 0140a0c..7e2b66c 100644
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/config/SecurityConfig.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/config/SecurityConfig.java
@@ -72,6 +72,14 @@ public class SecurityConfig {
                 };
 
         http
+                .cors(cors -> cors.configurationSource(request -> {
+                    org.springframework.web.cors.CorsConfiguration config = new org.springframework.web.cors.CorsConfiguration();
+                    config.addAllowedOriginPattern("*");
+                    config.addAllowedMethod("*");
+                    config.addAllowedHeader("*");
+                    config.setAllowCredentials(false); // 与CORS配置保持一致
+                    return config;
+                }))
                 .csrf(csrf -> csrf.disable())   // 配置了 CSRF 禁用、无状态会话管理
                 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .authorizeHttpRequests(authz -> authz
diff --git a/biji-houdaun/src/main/java/com/test/bijihoudaun/config/WebConfig.java b/biji-houdaun/src/main/java/com/test/bijihoudaun/config/WebConfig.java
index d14b773..9625772 100644
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/config/WebConfig.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/config/WebConfig.java
@@ -11,10 +11,10 @@ public class WebConfig implements WebMvcConfigurer {
     @Override
     public void addCorsMappings(CorsRegistry registry) {
         registry.addMapping("/**")
-                .allowedOriginPatterns("*") // 使用allowedOriginPatterns
+                .allowedOriginPatterns("*") // 允许所有源
                 .allowedMethods("*")
                 .allowedHeaders("*")
-                .allowCredentials(true) // 允许凭证
+                .allowCredentials(false) // 不允许凭证，否则与通配符冲突
                 .maxAge(3600); // 预检请求缓存时间
     }