diff --git a/o2server/x_base_core_project/src/main/java/com/x/base/core/project/http/FilterTools.java b/o2server/x_base_core_project/src/main/java/com/x/base/core/project/http/FilterTools.java
index f92e92739cbd7fb356ad6e25414af689ee95236f..0a82f454535e89de1c0028c4c58b1974bdae2c6b 100644
--- a/o2server/x_base_core_project/src/main/java/com/x/base/core/project/http/FilterTools.java
+++ b/o2server/x_base_core_project/src/main/java/com/x/base/core/project/http/FilterTools.java
@@ -8,38 +8,38 @@ import org.apache.commons.lang3.StringUtils;
 public class FilterTools {
 
 	public static final String Access_Control_Allow_Origin = "Access-Control-Allow-Origin";
+	public static final String ORIGIN = "Origin";
 	public static final String Access_Control_Allow_Methods = "Access-Control-Allow-Methods";
 	public static final String Access_Control_Allow_Methods_Value = "GET, POST, OPTIONS, PUT, DELETE, HEAD, TRACE";
 	public static final String Access_Control_Allow_Headers = "Access-Control-Allow-Headers";
 	public static final String Access_Control_Allow_Headers_Value = "x-requested-with, x-request, x-token, c-token, Content-Type, Content-Length, x-cipher, x-client, x-debugger, Authorization";
 	public static final String Access_Control_Allow_Credentials = "Access-Control-Allow-Credentials";
 	public static final String Access_Control_Expose_Headers = "Access-Control-Expose-Headers";
+	public static final String Access_Control_Max_Age = "Access-Control-Max-Age";
+	public static final String Access_Control_Max_Age_Value = "86400";
 
 	public static void allow(HttpServletRequest request, HttpServletResponse response) throws Exception {
-		try {
-			String origin = request.getHeader("Origin");
-			response.addHeader(Access_Control_Allow_Origin, StringUtils.isBlank(origin) ? "*" : origin);
-			response.addHeader(Access_Control_Allow_Methods, Access_Control_Allow_Methods_Value);
-			response.addHeader(Access_Control_Allow_Headers, Access_Control_Allow_Headers_Value);
-			response.addHeader(Access_Control_Allow_Credentials, "true");
-			response.setHeader(Access_Control_Expose_Headers, "x-token, c-token");
-		} catch (Exception e) {
-			throw e;
-		}
+		String origin = request.getHeader(ORIGIN);
+		response.addHeader(Access_Control_Allow_Origin, StringUtils.isBlank(origin) ? "*" : origin);
+		response.addHeader(Access_Control_Allow_Methods, Access_Control_Allow_Methods_Value);
+		response.addHeader(Access_Control_Allow_Headers, Access_Control_Allow_Headers_Value);
+		response.addHeader(Access_Control_Allow_Credentials, "true");
+		response.setHeader(Access_Control_Expose_Headers, "x-token, c-token");
+		response.setHeader(Access_Control_Max_Age, Access_Control_Max_Age_Value);
 	}
 
-	public static String Application_Not_Initialized_Json = "{\"type\": \"error\", \"message\": \"application not initialized.\"}";
+	public static final String Application_Not_Initialized_Json = "{\"type\": \"error\", \"message\": \"application not initialized.\"}";
 
-	public static String Application_Not_CipherManagerUser_Json = "{\"type\": \"error\", \"message\": \"not cipher or manager or user.\"}";
+	public static final String Application_Not_CipherManagerUser_Json = "{\"type\": \"error\", \"message\": \"not cipher or manager or user.\"}";
 
-	public static String Application_Not_CipherManager_Json = "{\"type\": \"error\", \"message\": \"not cipher or manager.\"}";
+	public static final String Application_Not_CipherManager_Json = "{\"type\": \"error\", \"message\": \"not cipher or manager.\"}";
 
-	public static String Application_Not_Anonymous_Json = "{\"type\": \"error\", \"message\": \"not anonymous.\"}";
+	public static final String Application_Not_Anonymous_Json = "{\"type\": \"error\", \"message\": \"not anonymous.\"}";
 
-	public static String Application_Not_ManagerUser_Json = "{\"type\": \"error\", \"message\": \"not manager or user.\"}";
+	public static final String Application_Not_ManagerUser_Json = "{\"type\": \"error\", \"message\": \"not manager or user.\"}";
 
-	public static String Application_Not_User_Json = "{\"type\": \"error\", \"message\": \"not user.\"}";
+	public static final String Application_Not_User_Json = "{\"type\": \"error\", \"message\": \"not user.\"}";
 
-	public static String Application_Not_Cipher_Json = "{\"type\": \"error\", \"message\": \"not cipher.\"}";
+	public static final String Application_Not_Cipher_Json = "{\"type\": \"error\", \"message\": \"not cipher.\"}";
 
 }
diff --git a/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/AnonymousCipherManagerUserJaxrsFilter.java b/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/AnonymousCipherManagerUserJaxrsFilter.java
index 487d3694c3908fae272ddd31ab6a7cc125031f5e..fe52ffeb98636be1367ebfe77933612e8760b866 100644
--- a/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/AnonymousCipherManagerUserJaxrsFilter.java
+++ b/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/AnonymousCipherManagerUserJaxrsFilter.java
@@ -24,6 +24,8 @@ public abstract class AnonymousCipherManagerUserJaxrsFilter extends TokenFilter
 				HttpToken httpToken = new HttpToken();
 				httpToken.who(request, response, Config.token().getCipher());
 				chain.doFilter(request, response);
+			} else {
+				options(request,response);
 			}
 		} catch (Exception e) {
 			e.printStackTrace();
diff --git a/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/AnonymousJaxrsFilter.java b/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/AnonymousJaxrsFilter.java
index a654b52ffe2478ce92a4246a8a342b0365c0c006..5f2c4d57bf35488c4065cf0f36f240ff86b05f47 100644
--- a/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/AnonymousJaxrsFilter.java
+++ b/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/AnonymousJaxrsFilter.java
@@ -38,6 +38,8 @@ public abstract class AnonymousJaxrsFilter extends TokenFilter {
 				} else {
 					chain.doFilter(request, response);
 				}
+			} else {
+				options(request,response);
 			}
 		} catch (Exception e) {
 			e.printStackTrace();
diff --git a/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/CipherJaxrsFilter.java b/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/CipherJaxrsFilter.java
index eb95af982ea502a80aae1abb8e674472f06f5989..e7b3d25a937b864fbf66f0b086ce0f75ff20b528 100644
--- a/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/CipherJaxrsFilter.java
+++ b/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/CipherJaxrsFilter.java
@@ -38,6 +38,8 @@ public abstract class CipherJaxrsFilter extends TokenFilter {
 				} else {
 					chain.doFilter(request, response);
 				}
+			} else {
+				options(request,response);
 			}
 		} catch (Exception e) {
 			e.printStackTrace();
diff --git a/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/CipherManagerJaxrsFilter.java b/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/CipherManagerJaxrsFilter.java
index 42be220e0feac537aac74bcbb32cdec293f32759..0f6a6fc785a62f36a4d3024680fa212870691d3d 100644
--- a/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/CipherManagerJaxrsFilter.java
+++ b/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/CipherManagerJaxrsFilter.java
@@ -39,6 +39,8 @@ public abstract class CipherManagerJaxrsFilter extends TokenFilter {
 				} else {
 					chain.doFilter(request, response);
 				}
+			} else {
+				options(request,response);
 			}
 		} catch (Exception e) {
 			e.printStackTrace();
diff --git a/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/CipherManagerUserJaxrsFilter.java b/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/CipherManagerUserJaxrsFilter.java
index 543628ee05c9e3479a0ad737ccf66ece6bb6f1c2..b1dee2cc3ccb90bd8bbcbb89e27745faebcddb4e 100644
--- a/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/CipherManagerUserJaxrsFilter.java
+++ b/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/CipherManagerUserJaxrsFilter.java
@@ -38,6 +38,8 @@ public abstract class CipherManagerUserJaxrsFilter extends TokenFilter {
 				} else {
 					chain.doFilter(request, response);
 				}
+			} else {
+				options(request,response);
 			}
 		} catch (Exception e) {
 			e.printStackTrace();
diff --git a/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/ManagerUserJaxrsFilter.java b/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/ManagerUserJaxrsFilter.java
index 7b99af78ce2f17130621e8fbfcb1a6d93b80b977..ac4ec8855d954ee1606431a00b6805cf29e3d96e 100644
--- a/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/ManagerUserJaxrsFilter.java
+++ b/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/ManagerUserJaxrsFilter.java
@@ -38,6 +38,8 @@ public abstract class ManagerUserJaxrsFilter extends TokenFilter {
 				} else {
 					chain.doFilter(request, response);
 				}
+			} else {
+				options(request,response);
 			}
 		} catch (Exception e) {
 			e.printStackTrace();
diff --git a/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/TokenFilter.java b/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/TokenFilter.java
index 24222a7bb5f7ab1e6f4b5a681b6576dbd46e2d6b..41231a99c1fdb41b884f8372f053ab49408edb65 100644
--- a/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/TokenFilter.java
+++ b/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/TokenFilter.java
@@ -1,6 +1,12 @@
 package com.x.base.core.project.jaxrs;
 
 import javax.servlet.Filter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 public abstract class TokenFilter implements Filter {
+
+	protected void options(HttpServletRequest request, HttpServletResponse response) {
+		response.setStatus(204);
+	}
 }
diff --git a/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/UserJaxrsFilter.java b/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/UserJaxrsFilter.java
index 525e58315c41a39855023529b66672c0d1a1101a..5670082fbd22b2a21530009e77f11b06feff529b 100644
--- a/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/UserJaxrsFilter.java
+++ b/o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/UserJaxrsFilter.java
@@ -38,6 +38,8 @@ public abstract class UserJaxrsFilter extends TokenFilter {
 				} else {
 					chain.doFilter(request, response);
 				}
+			} else {
+				options(request,response);
 			}
 		} catch (Exception e) {
 			e.printStackTrace();