diff --git a/.gitignore b/.gitignore
index 4e10c241f65..f8b1ce7e83f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -21,4 +21,5 @@ dist/
 # Dependency directories (remove the comment below to include it)
 # vendor/
 *.yml
-bin/*
\ No newline at end of file
+bin/*
+alist
\ No newline at end of file
diff --git a/README.md b/README.md
index 96eb214c09c..cf8a064a994 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-<p>
+<p align="center">
     <img src="https://img.oez.cc/2020/12/24/1fb16bc25a4f6.png" alt="RenewalManage Logo" width=200/>
 </p>
 <p align="center">
@@ -10,6 +10,7 @@
     <img src="https://img.shields.io/badge/%24-donate-ff69b4.svg" alt="donate">
   </a>
 </p>
+---
 
 ### 这是什么？
 
@@ -47,6 +48,7 @@
 - [x] `Readme`渲染
 - [x] 密码加密
 - [ ] 搜索与翻页
+- [ ] 文件直链
 - [ ] 路径优化
 - [ ] 缓存
 
diff --git a/alidrive/auth.go b/alidrive/auth.go
index 972e6ff5468..10eb61cf74f 100644
--- a/alidrive/auth.go
+++ b/alidrive/auth.go
@@ -66,9 +66,10 @@ func RefreshToken() bool {
 			return false
 		}
 	}
-	//刷新成功 更新token
+	//刷新成功 更新token并写入文件
 	conf.Conf.AliDrive.AccessToken=token.AccessToken
 	conf.Conf.AliDrive.RefreshToken=token.RefreshToken
 	conf.Authorization=token.TokenType+"\t"+token.AccessToken
+	utils.WriteToYml(conf.Con,conf.Conf)
 	return true
 }
diff --git a/bootstrap/cron.go b/bootstrap/cron.go
index 0b411e145e3..e503ba999a3 100644
--- a/bootstrap/cron.go
+++ b/bootstrap/cron.go
@@ -2,8 +2,6 @@ package bootstrap
 
 import (
 	"github.com/Xhofe/alist/alidrive"
-	"github.com/Xhofe/alist/conf"
-	"github.com/Xhofe/alist/utils"
 	"github.com/robfig/cron/v3"
 	log "github.com/sirupsen/logrus"
 )
@@ -12,7 +10,6 @@ var Cron *cron.Cron
 
 func refreshToken()  {
 	alidrive.RefreshToken()
-	utils.WriteToYml(conf.Con,conf.Conf)
 }
 
 func InitCron() {
diff --git a/server/middlewares.go b/server/middlewares.go
index 84c55c213c2..b696c48852b 100644
--- a/server/middlewares.go
+++ b/server/middlewares.go
@@ -1,6 +1,7 @@
 package server
 
 import (
+	"github.com/Xhofe/alist/conf"
 	"github.com/gin-gonic/gin"
 	"net/http"
 )
@@ -9,13 +10,13 @@ func CrosHandler() gin.HandlerFunc {
 	return func(context *gin.Context) {
 		method := context.Request.Method
 		context.Writer.Header().Set("Access-Control-Allow-Origin", "*")
-		context.Header("Access-Control-Allow-Origin", "*") // 设置允许访问所有域
+		context.Header("Access-Control-Allow-Origin", conf.Conf.Info.SiteUrl) // 设置允许访问所有域
 		context.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE,UPDATE")
 		context.Header("Access-Control-Allow-Headers", "Authorization, Content-Length, X-CSRF-Token, Token,session,X_Requested_With,Accept, Origin, Host, Connection, Accept-Encoding, Accept-Language,DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Pragma,token,openid,opentoken")
 		context.Header("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBar")
 		context.Header("Access-Control-Max-Age", "172800")
-		context.Header("Access-Control-Allow-Credentials", "false")
-		context.Set("content-type", "application/json")  //设置返回格式是json
+		context.Header("Access-Control-Allow-Credentials", "true")
+		//context.Set("content-type", "application/json")  //设置返回格式是json
 
 		if method == "OPTIONS" {
 			context.JSON(http.StatusOK, metaResponse(200,"Options Request!"))