diff --git a/FlyCube/MpApi/Controller/LoginController.class.php b/FlyCube/MpApi/Controller/LoginController.class.php
index 8aa8d9e..fa8a1ab 100644
--- a/FlyCube/MpApi/Controller/LoginController.class.php
+++ b/FlyCube/MpApi/Controller/LoginController.class.php
@@ -15,8 +15,18 @@ class LoginController extends Controller
 	 */
 	public function login()
 	{
-		header("Access-Control-Allow-Origin: *"); // 允许所有来源
-		header('Access-Control-Allow-Headers:Token'); //token请求头
+		// 允许所有域名访问（如需限制来源请指定域名）
+		header("Access-Control-Allow-Origin: *");
+		// 允许的请求头
+		header("Access-Control-Allow-Headers: Content-Type, Authorization, Token");
+		// 允许的请求方法
+		header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
+
+		// 如果是 OPTIONS 预检请求，直接返回即可，不要继续处理
+		if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
+			http_response_code(200); // 返回200避免浏览器报错
+			exit();
+		}
 
 		if (!$_POST['username']) {
 			echo json_encode(array('status' => 0, 'msg' => '用户名不能为空'), JSON_UNESCAPED_UNICODE);