diff --git a/casic-metering-api/src/main/java/com/casic/missiles/filter/CORSFilter.java b/casic-metering-api/src/main/java/com/casic/missiles/filter/CORSFilter.java
new file mode 100644
index 0000000..b3d4f64
--- /dev/null
+++ b/casic-metering-api/src/main/java/com/casic/missiles/filter/CORSFilter.java
@@ -0,0 +1,43 @@
+package com.casic.missiles.filter;
+
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @Description:
+ * @Author: wangpeng
+ * @Date: 2023/4/27 11:08
+ */
+@Component
+@Order(Ordered.HIGHEST_PRECEDENCE)
+public class CORSFilter implements Filter {
+    @Override
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
+        HttpServletResponse response = (HttpServletResponse) res;
+        HttpServletRequest request = (HttpServletRequest) req;
+        response.setHeader("Access-Control-Allow-Origin", "*");
+        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
+        response.setHeader("Access-Control-Max-Age", "3600");
+        response.setHeader("Access-Control-Allow-Credentials", "true");
+        response.setHeader("Access-Control-Allow-Headers", "*");
+        if(request.getMethod().equals(HttpMethod.OPTIONS.name())){
+            response.setStatus(HttpStatus.NO_CONTENT.value());
+        }else{
+            chain.doFilter(req, res);
+        }
+    }
+
+    @Override
+    public void init(FilterConfig filterConfig) {}
+
+    @Override
+    public void destroy() {}
+}

diff --git a/casic-metering-api/src/main/java/com/casic/missiles/filter/CORSFilter.java b/casic-metering-api/src/main/java/com/casic/missiles/filter/CORSFilter.java
new file mode 100644
index 0000000..b3d4f64
--- /dev/null
+++ b/casic-metering-api/src/main/java/com/casic/missiles/filter/CORSFilter.java
@@ -0,0 +1,43 @@
+package com.casic.missiles.filter;
+
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @Description:
+ * @Author: wangpeng
+ * @Date: 2023/4/27 11:08
+ */
+@Component
+@Order(Ordered.HIGHEST_PRECEDENCE)
+public class CORSFilter implements Filter {
+    @Override
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
+        HttpServletResponse response = (HttpServletResponse) res;
+        HttpServletRequest request = (HttpServletRequest) req;
+        response.setHeader("Access-Control-Allow-Origin", "*");
+        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
+        response.setHeader("Access-Control-Max-Age", "3600");
+        response.setHeader("Access-Control-Allow-Credentials", "true");
+        response.setHeader("Access-Control-Allow-Headers", "*");
+        if(request.getMethod().equals(HttpMethod.OPTIONS.name())){
+            response.setStatus(HttpStatus.NO_CONTENT.value());
+        }else{
+            chain.doFilter(req, res);
+        }
+    }
+
+    @Override
+    public void init(FilterConfig filterConfig) {}
+
+    @Override
+    public void destroy() {}
+}
diff --git a/casic-metering-common/src/main/java/com/casic/missiles/config/WebMvcConfig.java b/casic-metering-common/src/main/java/com/casic/missiles/config/WebMvcConfig.java
index 94e8e86..1d94000 100644
--- a/casic-metering-common/src/main/java/com/casic/missiles/config/WebMvcConfig.java
+++ b/casic-metering-common/src/main/java/com/casic/missiles/config/WebMvcConfig.java
@@ -18,7 +18,6 @@
 import org.springframework.http.converter.HttpMessageConverter;
 import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
 import org.springframework.web.servlet.LocaleResolver;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
 import org.springframework.web.servlet.i18n.CookieLocaleResolver;
@@ -99,14 +98,14 @@
         converters.add(converter);
     }
 
-    @Override
-    public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**")
-                .allowedOriginPatterns("*")
-                .allowCredentials(true)
-                .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
-                .maxAge(3600);
-    }
+//    @Override
+//    public void addCorsMappings(CorsRegistry registry) {
+//        registry.addMapping("/**")
+//                .allowedOriginPatterns("*")
+//                .allowCredentials(true)
+//                .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
+//                .maxAge(3600);
+//    }
 
     /**
      * fastjson的配置

diff --git a/casic-metering-api/src/main/java/com/casic/missiles/filter/CORSFilter.java b/casic-metering-api/src/main/java/com/casic/missiles/filter/CORSFilter.java
new file mode 100644
index 0000000..b3d4f64
--- /dev/null
+++ b/casic-metering-api/src/main/java/com/casic/missiles/filter/CORSFilter.java
@@ -0,0 +1,43 @@
+package com.casic.missiles.filter;
+
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @Description:
+ * @Author: wangpeng
+ * @Date: 2023/4/27 11:08
+ */
+@Component
+@Order(Ordered.HIGHEST_PRECEDENCE)
+public class CORSFilter implements Filter {
+    @Override
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
+        HttpServletResponse response = (HttpServletResponse) res;
+        HttpServletRequest request = (HttpServletRequest) req;
+        response.setHeader("Access-Control-Allow-Origin", "*");
+        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
+        response.setHeader("Access-Control-Max-Age", "3600");
+        response.setHeader("Access-Control-Allow-Credentials", "true");
+        response.setHeader("Access-Control-Allow-Headers", "*");
+        if(request.getMethod().equals(HttpMethod.OPTIONS.name())){
+            response.setStatus(HttpStatus.NO_CONTENT.value());
+        }else{
+            chain.doFilter(req, res);
+        }
+    }
+
+    @Override
+    public void init(FilterConfig filterConfig) {}
+
+    @Override
+    public void destroy() {}
+}
diff --git a/casic-metering-common/src/main/java/com/casic/missiles/config/WebMvcConfig.java b/casic-metering-common/src/main/java/com/casic/missiles/config/WebMvcConfig.java
index 94e8e86..1d94000 100644
--- a/casic-metering-common/src/main/java/com/casic/missiles/config/WebMvcConfig.java
+++ b/casic-metering-common/src/main/java/com/casic/missiles/config/WebMvcConfig.java
@@ -18,7 +18,6 @@
 import org.springframework.http.converter.HttpMessageConverter;
 import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
 import org.springframework.web.servlet.LocaleResolver;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
 import org.springframework.web.servlet.i18n.CookieLocaleResolver;
@@ -99,14 +98,14 @@
         converters.add(converter);
     }
 
-    @Override
-    public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**")
-                .allowedOriginPatterns("*")
-                .allowCredentials(true)
-                .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
-                .maxAge(3600);
-    }
+//    @Override
+//    public void addCorsMappings(CorsRegistry registry) {
+//        registry.addMapping("/**")
+//                .allowedOriginPatterns("*")
+//                .allowCredentials(true)
+//                .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
+//                .maxAge(3600);
+//    }
 
     /**
      * fastjson的配置
diff --git a/casic-metering-common/src/main/java/com/casic/missiles/utils/MinioUtil.java b/casic-metering-common/src/main/java/com/casic/missiles/utils/MinioUtil.java
index 6fc3ca0..40fea08 100644
--- a/casic-metering-common/src/main/java/com/casic/missiles/utils/MinioUtil.java
+++ b/casic-metering-common/src/main/java/com/casic/missiles/utils/MinioUtil.java
@@ -213,7 +213,11 @@
             response.reset();
             response.setHeader("Content-Disposition", "attachment; filename=\"" + fileName + "\"");
             response.addHeader("Content-Length", "" + data.length);
-            response.addHeader("Access-Allow-Control-Origin","*");
+            response.setHeader("Access-Control-Allow-Origin", "*");
+            response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
+            response.setHeader("Access-Control-Max-Age", "3600");
+            response.setHeader("Access-Control-Allow-Credentials", "true");
+            response.setHeader("Access-Control-Allow-Headers", "*");
             response.setContentType("application/octet-stream;charset=UTF-8");
             OutputStream outputStream = new BufferedOutputStream(response.getOutputStream());
             outputStream.write(data);