diff --git a/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/middleware/verify-request-sign.js b/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/middleware/verify-request-sign.js index 84420e3afbbf6861719b48cbd0941519b33c1b6e..e695a404767c3a7d167048fbb2e3e0795da0b0f4 100644 --- a/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/middleware/verify-request-sign.js +++ b/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/middleware/verify-request-sign.js @@ -2,17 +2,24 @@ const crypto = require('crypto') const { ERROR } = require('../common/error') const needSignFunctions = new Set([ 'externalRegister', - 'externalLogin' + 'externalLogin', + 'updateUserInfoByExternal' ]) module.exports = function () { const methodName = this.getMethodName() const { source } = this.getUniversalClientInfo() - // 非 HTTP 方式请求不需要鉴权 - if (source !== 'http') return + // 指定接口需要鉴权 if (!needSignFunctions.has(methodName)) return + // 非 HTTP 方式请求拒绝访问 + if (source !== 'http') { + throw { + errCode: ERROR.ILLEGAL_REQUEST + } + } + const timeout = 20 * 1000 // 请求超过20秒不能再请求,防止重放攻击 const { headers, body: _body } = this.getHttpInfo() const { 'uni-id-nonce': nonce, 'uni-id-timestamp': timestamp, 'uni-id-signature': signature } = headers
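Review bot: The `needSignFunctions` set at the top of the hunk is still an opt-in list, so any method missing from it returns at `if (!needSignFunctions.has(methodName)) return` before both the new `source !== 'http'` rejection and the signature check. That `updateUserInfoByExternal` had to be added in this commit suggests it was previously outside the gate, and the next externally callable method could be missed the same way. I would document the contract directly above the set, e.g. `// Every method intended for signed server-to-server HTTP calls MUST be listed here; unlisted methods skip signature verification.`, and consider a test that fails when a method following the `external` naming pattern is not in the set. The exported function's body continues past the end of the hunk, so the nonce and timestamp handling behind the 20-second window is not visible here and is not assessed.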