diff --git a/SuperAdmin/middleware.ts b/SuperAdmin/middleware.ts
new file mode 100644
index 00000000..ae1ba39c
--- /dev/null
+++ b/SuperAdmin/middleware.ts
@@ -0,0 +1,31 @@
+import { NextResponse } from 'next/server'
+import type { NextRequest } from 'next/server'
+
+export function middleware(request: NextRequest) {
+  // 获取响应对象
+  const response = NextResponse.next()
+
+  // 设置CORS头
+  response.headers.set('Access-Control-Allow-Credentials', 'true')
+  response.headers.set('Access-Control-Allow-Origin', '*') // 在生产环境中应该设置为特定域名
+  response.headers.set('Access-Control-Allow-Methods', 'GET,DELETE,PATCH,POST,PUT,OPTIONS')
+  response.headers.set('Access-Control-Allow-Headers', 'X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version, Authorization')
+
+  // 处理预检请求
+  if (request.method === 'OPTIONS') {
+    return new NextResponse(null, { status: 200, headers: response.headers })
+  }
+
+  return response
+}
+
+// 配置中间件应用的路径
+export const config = {
+  matcher: [
+    // 匹配所有API路由
+    '/api/:path*',
+    // 匹配需要跨域的特定外部API请求
+    '/company/:path*',
+    '/v1/api/:path*',
+  ],
+} 
\ No newline at end of file
diff --git a/SuperAdmin/next.config.mjs b/SuperAdmin/next.config.mjs
index db42585b..aa8e7997 100644
--- a/SuperAdmin/next.config.mjs
+++ b/SuperAdmin/next.config.mjs
@@ -27,6 +27,19 @@ const nextConfig = {
     parallelServerBuildTraces: true,
     parallelServerCompiles: true,
   },
+  async headers() {
+    return [
+      {
+        source: '/api/:path*',
+        headers: [
+          { key: 'Access-Control-Allow-Credentials', value: 'true' },
+          { key: 'Access-Control-Allow-Origin', value: '*' },
+          { key: 'Access-Control-Allow-Methods', value: 'GET,DELETE,PATCH,POST,PUT,OPTIONS' },
+          { key: 'Access-Control-Allow-Headers', value: 'X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version, Authorization' },
+        ],
+      },
+    ]
+  },
 }
 
 if (userConfig) {