diff --git a/conf/ts.conf b/conf/ts.conf
index 1ede711..846adb6 100644
--- a/conf/ts.conf
+++ b/conf/ts.conf
@@ -28,15 +28,19 @@ server {
 #     index index.html;
 
     location /api/v1/ts/ {
-        proxy_pass http://127.0.0.1:8080/api/v1/ts/;
-        proxy_set_header Host $host;
-        proxy_set_header  X-Forwarded-For $remote_addr;
-        proxy_set_header  X-Forwarded-Host $remote_addr;
-        if ($http_origin ~ [a-z]+\.moicen\.com$) {
-            proxy_set_header Access-Control-Allow-Origin $http_origin;
-            proxy_set_header Access-Control-Request-Methods GET,POST,OPTIONS;
+
+        if ($http_origin !~ [a-z]+\.moicen\.com$) {
+            return 403;
         }
-        proxy_set_header Access-Control-Allow-Headers x-requested-with;
+        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
+        add_header Access-Control-Allow-Headers 'Authorization,HtyAdminToken,HtySudoerToken,HtyHost,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
+        add_header Access-Control-Allow-Credentials true;
+        add_header Access-Control-Max-Age 86400;
+        if ($request_method = 'OPTIONS') {
+            return 200;
+        }
+        proxy_pass http://127.0.0.1:8080/api/v1/ts/;
     }
 }