diff --git a/backend/src/main/java/io/metersphere/security/CsrfFilter.java b/backend/src/main/java/io/metersphere/security/CsrfFilter.java
index 2468e287c3..358850f664 100644
--- a/backend/src/main/java/io/metersphere/security/CsrfFilter.java
+++ b/backend/src/main/java/io/metersphere/security/CsrfFilter.java
@@ -26,6 +26,7 @@ public class CsrfFilter extends AnonymousFilter {
 
         if (!SecurityUtils.getSubject().isAuthenticated()) {
             ((HttpServletResponse) response).setHeader("Authentication-Status", "invalid");
+            return true;
         }
         // api 过来的请求
         if (ApiKeyHandler.isApiKeyCall(WebUtils.toHttp(request))) {