diff --git a/src/main/java/com/common/base/shiro/AuthFilter.java b/src/main/java/com/common/base/shiro/AuthFilter.java
index f4808d4..cce895e 100644
--- a/src/main/java/com/common/base/shiro/AuthFilter.java
+++ b/src/main/java/com/common/base/shiro/AuthFilter.java
@@ -40,6 +40,7 @@ public class AuthFilter extends AuthenticatingFilter {
             String myOrigin = httpServletRequest.getHeader("origin");
             httpResponse.setContentType("application/json;charset=utf-8");
             httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
+            httpResponse.setHeader("Access-Control-Allow-Headers", "x-requested-with, X-Access-Token, datasource-Key");
             httpResponse.setHeader("Access-Control-Allow-Origin", myOrigin);
             httpResponse.setCharacterEncoding("UTF-8");
             Map<String, Object> result = new HashMap<>();
@@ -83,6 +84,7 @@ public class AuthFilter extends AuthenticatingFilter {
             String myOrigin = httpServletRequest.getHeader("origin");
             httpResponse.setContentType("application/json;charset=utf-8");
             httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
+            httpResponse.setHeader("Access-Control-Allow-Headers", "x-requested-with, X-Access-Token, datasource-Key");
             httpResponse.setHeader("Access-Control-Allow-Origin", myOrigin);
             httpResponse.setCharacterEncoding("UTF-8");
             Map<String, Object> result = new HashMap<>();
@@ -106,6 +108,7 @@ public class AuthFilter extends AuthenticatingFilter {
         httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
         HttpServletRequest httpServletRequest = (HttpServletRequest) request;
         String myOrigin = httpServletRequest.getHeader("origin");
+        httpResponse.setHeader("Access-Control-Allow-Headers", "x-requested-with, X-Access-Token, datasource-Key");
         httpResponse.setHeader("Access-Control-Allow-Origin", myOrigin);
         httpResponse.setCharacterEncoding("UTF-8");
         try {