From a478c902beb5cfd736d5509626797b94e7a32401 Mon Sep 17 00:00:00 2001
From: zhenhui <1276357500@qq.com>
Date: Sat, 21 Mar 2026 14:17:42 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B5=8B=E8=AF=95=E5=88=86=E6=94=AF-=E9=83=A8?=
 =?UTF-8?q?=E7=BD=B2-=E9=A2=84=E6=A3=80=E5=93=8D=E5=BA=94=E4=B8=AD?=
 =?UTF-8?q?=E7=BC=BA=E5=B0=91server=E8=AF=B7=E6=B1=82=E5=A4=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/common/middleware/AllowCrossDomain.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/common/middleware/AllowCrossDomain.php b/app/common/middleware/AllowCrossDomain.php
index 347eb79..842e724 100644
--- a/app/common/middleware/AllowCrossDomain.php
+++ b/app/common/middleware/AllowCrossDomain.php
@@ -30,7 +30,7 @@ class AllowCrossDomain implements MiddlewareInterface
             'Access-Control-Allow-Credentials' => 'true',
             'Access-Control-Max-Age'            => '1800',
             'Access-Control-Allow-Methods'      => 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
-            'Access-Control-Allow-Headers'      => 'Content-Type, Authorization, batoken, ba-user-token, think-lang',
+            'Access-Control-Allow-Headers'      => 'Content-Type, Authorization, batoken, ba-user-token, think-lang, server',
         ];
         $origin = $request->header('origin');
         if (is_array($origin)) {