diff --git a/kicc-auth/src/main/java/com/cloud/kicc/auth/config/WebSecurityConfiguration.java b/kicc-auth/src/main/java/com/cloud/kicc/auth/config/WebSecurityConfiguration.java
index ffcf0792..ad341428 100644
--- a/kicc-auth/src/main/java/com/cloud/kicc/auth/config/WebSecurityConfiguration.java
+++ b/kicc-auth/src/main/java/com/cloud/kicc/auth/config/WebSecurityConfiguration.java
@@ -55,7 +55,10 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
  .antMatchers("/token/**")
  .permitAll()
  .anyRequest()
- .authenticated();
+ .authenticated()
+ .and()
+ // CRSF禁用,因为不使用session,防止验证CookieCSRF令牌导致拦截到登陆页面
+ .csrf().disable();
  }
 
  /**
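Review bot: `.csrf().disable()` switches CSRF protection off for every request this chain handles, while the comment's premise that no session is used is not enforced anywhere in the hunk and `anyRequest().authenticated()` still covers endpoints other than `/token/**`. If any of those endpoints are authenticated by a session cookie (the comment mentions a login page, so form login may be configured outside this hunk), they lose their cross-site request protection. Either make the stateless assumption explicit with `.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)` or narrow the exemption to the token endpoints with `.csrf().ignoringAntMatchers("/token/**")`. The added comment also misspells CSRF as "CRSF". The `configure` body begins above the hunk, so the rest of the chain is not visible here.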