diff --git a/src/main/java/com/lz/modules/sys/oauth2/OAuth2Filter.java b/src/main/java/com/lz/modules/sys/oauth2/OAuth2Filter.java
index 987082fd..13a86367 100644
--- a/src/main/java/com/lz/modules/sys/oauth2/OAuth2Filter.java
+++ b/src/main/java/com/lz/modules/sys/oauth2/OAuth2Filter.java
@@ -11,6 +11,7 @@ package com.lz.modules.sys.oauth2;
 import com.google.gson.Gson;
 import com.lz.common.utils.HttpContextUtils;
 import com.lz.common.utils.R;
+import com.lz.common.utils.SpringContextUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.http.HttpStatus;
 import org.apache.shiro.authc.AuthenticationException;
@@ -56,7 +57,8 @@ public class OAuth2Filter extends AuthenticatingFilter {
     protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
         //获取请求token，如果token不存在，直接返回401
         String token = getRequestToken((HttpServletRequest) request);
-        if(StringUtils.isBlank(token)){
+        String profile = SpringContextUtils.getActiveProfile();
+        if("prod".equals(profile) && StringUtils.isBlank(token)){
             HttpServletResponse httpResponse = (HttpServletResponse) response;
             httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
             httpResponse.setHeader("Access-Control-Allow-Origin", HttpContextUtils.getOrigin());
@@ -67,8 +69,6 @@ public class OAuth2Filter extends AuthenticatingFilter {
             return false;
         }
         return executeLogin(request, response);
-//        return true;
-
     }
 
     @Override