diff --git a/FlyCube/MpApi/Controller/LoginController.class.php b/FlyCube/MpApi/Controller/LoginController.class.php
index fa8a1ab..3f43dab 100644
--- a/FlyCube/MpApi/Controller/LoginController.class.php
+++ b/FlyCube/MpApi/Controller/LoginController.class.php
@@ -15,18 +15,8 @@ class LoginController extends Controller
 	 */
 	public function login()
 	{
-		// 允许所有域名访问（如需限制来源请指定域名）
-		header("Access-Control-Allow-Origin: *");
-		// 允许的请求头
-		header("Access-Control-Allow-Headers: Content-Type, Authorization, Token");
-		// 允许的请求方法
-		header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
-
-		// 如果是 OPTIONS 预检请求，直接返回即可，不要继续处理
-		if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
-			http_response_code(200); // 返回200避免浏览器报错
-			exit();
-		}
+		header("Access-Control-Allow-Origin: " . C('LimitApi')); //请求域名限制
+		header('Access-Control-Allow-Headers:Token'); //token请求头
 
 		if (!$_POST['username']) {
 			echo json_encode(array('status' => 0, 'msg' => '用户名不能为空'), JSON_UNESCAPED_UNICODE);