diff --git a/iot-gateway/src/main/java/com/qiuguo/iot/gateway/filter/AuthFilter.java b/iot-gateway/src/main/java/com/qiuguo/iot/gateway/filter/AuthFilter.java
index bfcb409..3e68290 100644
--- a/iot-gateway/src/main/java/com/qiuguo/iot/gateway/filter/AuthFilter.java
+++ b/iot-gateway/src/main/java/com/qiuguo/iot/gateway/filter/AuthFilter.java
@@ -37,6 +37,7 @@ public class AuthFilter implements GlobalFilter, Ordered {
     public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
         ServerHttpRequest request = exchange.getRequest();
         String url = request.getPath().toString();
+        System.out.println("url = " + url);
         return chain.filter(exchange);
         // if (xssProperties.getExcludeUrls().contains(url)) {
         //     return chain.filter(exchange);
diff --git a/iot-gateway/src/main/resources/bootstrap-dev.yml b/iot-gateway/src/main/resources/bootstrap-dev.yml
index 6369bfa..3277ad8 100644
--- a/iot-gateway/src/main/resources/bootstrap-dev.yml
+++ b/iot-gateway/src/main/resources/bootstrap-dev.yml
@@ -1,4 +1,9 @@
 spring:
+  redis:
+    host: 192.168.8.146
+    port: 32030
+    password: 123456
+    timeout: 5000
   cloud:
 #    config:
 #      # 如果本地配置优先级高，那么 override-none 设置为 true，包括系统环境变量、本地配置文件等配置
@@ -19,19 +24,50 @@ spring:
         # 共享配置
         shared-configs:
           - application-${spring.profiles.active}.${spring.cloud.nacos.config.file-extension}
-  redis:
-    #    cluster:
-    #      nodes:
-    #        - 127.0.0.1:7001
-    #        - 127.0.0.1:7002
-    host: 192.168.8.146
-    port: 32030
-    password: 123456
-    timeout: 5000
-  gateway:
-    routes:
-      - id: qiuguo-iot-box-user-api
-        uri: http://192.168.8.199:8080
-        predicates:
-          - Path=/iot-user/**
-        order: 1
\ No newline at end of file
+    gateway:
+      discovery:
+        locator:
+          # 开启服务发现
+          enabled: true
+          # 忽略注册中心服务的大小写
+          lower-case-service-id: true
+      globalcors:
+        corsConfigurations:
+          '[/**]':
+            # 允许携带认证信息
+            allow-credentials: true
+            # 允许跨域的源(网站域名/ip)，设置*为全部
+            allowedOriginPatterns: "*"
+            # 允许跨域的method， 默认为GET和OPTIONS，设置*为全部
+            allowedMethods: "*"
+            # 允许跨域请求里的head字段，设置*为全部
+            allowedHeaders: "*"
+      routes:
+        #        # 系统服务
+        #        - id: qiuguo-iot-box-user-api
+        #          # 匹配后路由地址
+        #          uri: lb://qiuguo-iot-box-user-api
+        #          # 断言，路径相匹配的进行路由
+        #          predicates:
+        #            - Path=/qiuguo-iot-box-user-api/**
+        #          filters:
+        #            # 转发时去掉一层路径
+        #            - StripPrefix=1
+        - id: route_qiuguo-iot-box-user-api
+          uri: lb://qiuguo-iot-box-user-api
+          predicates:
+            - Path=/**
+
+# 安全配置
+security:
+  # 防止XSS攻击
+  xss:
+    enabled: true
+    # 排除的路径
+    exclude-urls:
+      - /iot-user/user/user/login/pwd
+#application:
+#  cors:
+#    allowed-crigin-patterns:
+#      - /iot-user/user/user/login/pwd
+