diff --git a/lib/midware/cors.go b/lib/midware/cors.go
index 9eb024a3..b0a73ad6 100644
--- a/lib/midware/cors.go
+++ b/lib/midware/cors.go
@@ -48,10 +48,12 @@ func Cors(next http.Handler) http.Handler {
 			// 允许请求头
 			allowHeaders := []string{
 				"Accesstoken",
+				"Content-Type",
+				"operationtype",
 			}
 			w.Header().Set("Access-Control-Allow-Headers", strings.Join(allowHeaders, ","))
 
-			w.WriteHeader(500)
+			w.WriteHeader(204)
 			return
 		}
 
diff --git a/lib/services/services.go b/lib/services/services.go
index 3222f8a4..dade6a4a 100644
--- a/lib/services/services.go
+++ b/lib/services/services.go
@@ -883,15 +883,16 @@ func ResponseErrorWithJson(w http.ResponseWriter, code int, nameValue interface{
 }
 
 func SetCommonResponseHeader(w http.ResponseWriter) {
+	// 设置Vary头部
+	w.Header().Set("Vary", "Origin")
+	w.Header().Set("Keep-Alive", "timeout=5")
 	// To solve cross domain issue
 	w.Header().Set("Access-Control-Allow-Origin", "*")
-	//	w.Header().Set("Access-Control-Allow-Methods", "POST, GET, PUT, DELETE, OPTIONS")
 	w.Header().Set("Access-Control-Allow-Methods", "*")
 	w.Header().Set("Access-Control-Allow-Headers", "*")
-	//	w.Header().Set("Access-Control-Allow-Headers", "Content-Type")
-	//	w.Header().Set("Access-Control-Allow-Headers", "AccessToken")
-	w.Header().Set("Access-Control-Expose-Headers", "Access-Control-Allow-Headers, Token")
 	w.Header().Set("Access-Control-Allow-Credentials", "true")
+	// 响应最大时间值
+	w.Header().Set("Access-Control-Max-Age", "31536000")
 }
 
 func SetResponseHeader(w http.ResponseWriter) {