diff --git a/conf/alchemy/admin.conf b/conf/alchemy/admin.conf
index ce51cf9..8366636 100644
--- a/conf/alchemy/admin.conf
+++ b/conf/alchemy/admin.conf
@@ -33,11 +33,11 @@ server {
     root $resty_loc/nginx/html/alchemy/admin;
     index index.html;
 
-    add_header Access-Control-Allow-Origin $http_origin;
-    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
-    add_header Access-Control-Allow-Headers 'Authorization,unionid,HtySudoerToken,HtyHost,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
-    add_header Access-Control-Allow-Credentials true;
-    add_header Access-Control-Max-Age 86400;
+    add_header Access-Control-Allow-Origin $http_origin always;
+    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS' always;
+    add_header Access-Control-Allow-Headers 'Authorization,unionid,HtySudoerToken,HtyHost,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type' always;
+    add_header Access-Control-Allow-Credentials true always;
+    add_header Access-Control-Max-Age 86400 always;
     if ($request_method = 'OPTIONS') {
         return 200;
     }
diff --git a/conf/alchemy/ts.conf b/conf/alchemy/ts.conf
index 849cf8b..1701539 100644
--- a/conf/alchemy/ts.conf
+++ b/conf/alchemy/ts.conf
@@ -16,11 +16,11 @@ server {
 
     location /api/v1/ts/ {
 
-        add_header Access-Control-Allow-Origin $http_origin;
-        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
-        add_header Access-Control-Allow-Headers 'Authorization,HtyAdminToken,HtySudoerToken,HtyHost,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
-        add_header Access-Control-Allow-Credentials true;
-        add_header Access-Control-Max-Age 86400;
+        add_header Access-Control-Allow-Origin $http_origin always;
+        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS' always;
+        add_header Access-Control-Allow-Headers 'Authorization,HtyAdminToken,HtySudoerToken,HtyHost,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type' always;
+        add_header Access-Control-Allow-Credentials true always;
+        add_header Access-Control-Max-Age 86400 always;
         if ($request_method = 'OPTIONS') {
             return 200;
         }
diff --git a/conf/local_macos/admin.conf b/conf/local_macos/admin.conf
index 6e49160..173ec23 100644
--- a/conf/local_macos/admin.conf
+++ b/conf/local_macos/admin.conf
@@ -29,11 +29,11 @@ server {
     root $resty_loc/nginx/html/admin;
     index index.html;
 
-    add_header Access-Control-Allow-Origin $http_origin;
-    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
-    add_header Access-Control-Allow-Headers 'Authorization,unionid,HtySudoerToken,HtyHost,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
-    add_header Access-Control-Allow-Credentials true;
-    add_header Access-Control-Max-Age 86400;
+    add_header Access-Control-Allow-Origin $http_origin always;
+    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS' always;
+    add_header Access-Control-Allow-Headers 'Authorization,unionid,HtySudoerToken,HtyHost,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type' always;
+    add_header Access-Control-Allow-Credentials true always;
+    add_header Access-Control-Max-Age 86400 always;
     if ($request_method = 'OPTIONS') {
         return 200;
     }
diff --git a/conf/local_macos/ts.conf b/conf/local_macos/ts.conf
index 1a4ee66..df690c8 100644
--- a/conf/local_macos/ts.conf
+++ b/conf/local_macos/ts.conf
@@ -10,11 +10,11 @@ server {
     set $resty_loc "/usr/local/opt/openresty";
 
     location /api/v1/ts/ {
-        add_header Access-Control-Allow-Origin $http_origin;
-        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
-        add_header Access-Control-Allow-Headers 'Authorization,HtyAdminToken,HtySudoerToken,HtyHost,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
-        add_header Access-Control-Allow-Credentials true;
-        add_header Access-Control-Max-Age 86400;
+        add_header Access-Control-Allow-Origin $http_origin always;
+        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS' always;
+        add_header Access-Control-Allow-Headers 'Authorization,HtyAdminToken,HtySudoerToken,HtyHost,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type' always;
+        add_header Access-Control-Allow-Credentials true always;
+        add_header Access-Control-Max-Age 86400 always;
         if ($request_method = 'OPTIONS') {
             return 200;
         }
diff --git a/conf/moicen/admin.conf b/conf/moicen/admin.conf
index 0900307..dd7492b 100644
--- a/conf/moicen/admin.conf
+++ b/conf/moicen/admin.conf
@@ -33,11 +33,11 @@ server {
     root $resty_loc/nginx/html/admin;
     index index.html;
 
-    add_header Access-Control-Allow-Origin $http_origin;
-    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
-    add_header Access-Control-Allow-Headers 'Authorization,unionid,HtySudoerToken,HtyHost,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
-    add_header Access-Control-Allow-Credentials true;
-    add_header Access-Control-Max-Age 86400;
+    add_header Access-Control-Allow-Origin $http_origin always;
+    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS' always;
+    add_header Access-Control-Allow-Headers 'Authorization,unionid,HtySudoerToken,HtyHost,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type' always;
+    add_header Access-Control-Allow-Credentials true always;
+    add_header Access-Control-Max-Age 86400 always;
     if ($request_method = 'OPTIONS') {
         return 200;
     }
diff --git a/conf/moicen/ts.conf b/conf/moicen/ts.conf
index 36b407a..8a03795 100644
--- a/conf/moicen/ts.conf
+++ b/conf/moicen/ts.conf
@@ -16,11 +16,11 @@ server {
 
     location /api/v1/ts/ {
 
-        add_header Access-Control-Allow-Origin $http_origin;
-        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
-        add_header Access-Control-Allow-Headers 'Authorization,HtyAdminToken,HtySudoerToken,HtyHost,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
-        add_header Access-Control-Allow-Credentials true;
-        add_header Access-Control-Max-Age 86400;
+        add_header Access-Control-Allow-Origin $http_origin always;
+        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS' always;
+        add_header Access-Control-Allow-Headers 'Authorization,HtyAdminToken,HtySudoerToken,HtyHost,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type' always;
+        add_header Access-Control-Allow-Credentials true always;
+        add_header Access-Control-Max-Age 86400 always;
         if ($request_method = 'OPTIONS') {
             return 200;
         }