diff --git a/pkg/serverconfigs/shared/http_cors_header_config.go b/pkg/serverconfigs/shared/http_cors_header_config.go
index 72f8436..0683403 100644
--- a/pkg/serverconfigs/shared/http_cors_header_config.go
+++ b/pkg/serverconfigs/shared/http_cors_header_config.go
@@ -4,14 +4,21 @@ package shared
 
 // HTTPCORSHeaderConfig 参考 https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
 type HTTPCORSHeaderConfig struct {
-	IsOn             bool     `yaml:"isOn" json:"isOn"`
-	AllowMethods     []string `yaml:"allowMethods" json:"allowMethods"`         // TODO
-	AllowOrigin      string   `yaml:"allowOrigin" json:"allowOrigin"`           // TODO
-	AllowCredentials bool     `yaml:"allowCredentials" json:"allowCredentials"` // TODO
-	ExposeHeaders    []string `yaml:"exposeHeaders" json:"exposeHeaders"`       // TODO
-	MaxAge           int32    `yaml:"maxAge" json:"maxAge"`                     // TODO
-	RequestHeaders   []string `yaml:"requestHeaders" json:"requestHeaders"`     // TODO
-	RequestMethod    string   `yaml:"requestMethod" json:"requestMethod"`       // TODO
+	IsOn              bool     `yaml:"isOn" json:"isOn"`
+	AllowMethods      []string `yaml:"allowMethods" json:"allowMethods"`
+	AllowOrigin       string   `yaml:"allowOrigin" json:"allowOrigin"`           // TODO
+	AllowCredentials  bool     `yaml:"allowCredentials" json:"allowCredentials"` // TODO，实现时需要升级以往的老数据
+	ExposeHeaders     []string `yaml:"exposeHeaders" json:"exposeHeaders"`
+	MaxAge            int32    `yaml:"maxAge" json:"maxAge"`
+	RequestHeaders    []string `yaml:"requestHeaders" json:"requestHeaders"` // TODO
+	RequestMethod     string   `yaml:"requestMethod" json:"requestMethod"`
+	OptionsMethodOnly bool     `yaml:"optionsMethodOnly" json:"optionsMethodOnly"`
+}
+
+func NewHTTPCORSHeaderConfig() *HTTPCORSHeaderConfig {
+	return &HTTPCORSHeaderConfig{
+		AllowCredentials: true,
+	}
 }
 
 func (this *HTTPCORSHeaderConfig) Init() error {