diff --git a/backend/src/main/java/io/metersphere/config/ShiroConfig.java b/backend/src/main/java/io/metersphere/config/ShiroConfig.java
index 1b5b18770a..05729f12d8 100644
--- a/backend/src/main/java/io/metersphere/config/ShiroConfig.java
+++ b/backend/src/main/java/io/metersphere/config/ShiroConfig.java
@@ -49,6 +49,7 @@ public class ShiroConfig implements EnvironmentAware {
         Map<String, String> filterChainDefinitionMap = shiroFilterFactoryBean.getFilterChainDefinitionMap();
         ShiroUtils.loadBaseFilterChain(filterChainDefinitionMap);
 
+        filterChainDefinitionMap.put("/", "apikey, authc"); // 跳转到 / 不用校验 csrf
         filterChainDefinitionMap.put("/**", "apikey, csrf, authc");
         return shiroFilterFactoryBean;
     }
diff --git a/frontend/src/business/App.vue b/frontend/src/business/App.vue
index 6362aa95bd..d547ff19dd 100644
--- a/frontend/src/business/App.vue
+++ b/frontend/src/business/App.vue
@@ -30,6 +30,7 @@ import MsUser from "./components/common/head/HeaderUser";
 import MsHeaderOrgWs from "./components/common/head/HeaderOrgWs";
 import MsLanguageSwitch from "./components/common/head/LanguageSwitch";
 import {saveLocalStorage} from "@/common/js/utils";
+import {registerRequestHeaders} from "@/common/js/ajax";
 
 const requireComponent = require.context('@/business/components/xpack/', true, /\.vue$/);
 const header = requireComponent.keys().length > 0 ? requireComponent("./license/LicenseMessage.vue") : {};
@@ -53,6 +54,7 @@ export default {
     window.addEventListener("beforeunload", () => {
       localStorage.setItem("store", JSON.stringify(this.$store.state))
     })
+    registerRequestHeaders();
   },
   beforeCreate() {
     this.$get("/isLogin").then(response => {
diff --git a/frontend/src/common/js/ajax.js b/frontend/src/common/js/ajax.js
index 50b639a0a3..b199a9f47f 100644
--- a/frontend/src/common/js/ajax.js
+++ b/frontend/src/common/js/ajax.js
@@ -3,6 +3,16 @@ import axios from "axios";
 import i18n from '../../i18n/i18n'
 import {TokenKey} from "@/common/js/constants";
 
+export function registerRequestHeaders() {
+  axios.interceptors.request.use(config => {
+    let user = JSON.parse(localStorage.getItem(TokenKey));
+    if (user && user.csrfToken) {
+      config.headers['CSRF-TOKEN'] = user.csrfToken;
+    }
+    return config;
+  });
+}
+
 export default {
   install(Vue) {
 
@@ -40,15 +50,6 @@ export default {
       return Promise.reject(error);
     });
 
-    axios.interceptors.request.use(config => {
-      let user = JSON.parse(localStorage.getItem(TokenKey));
-      if (user && user.csrfToken) {
-        config.headers['CSRF-TOKEN'] = user.csrfToken;
-      }
-      return config;
-    });
-
-
     function then(success, response, result) {
       if (!response.data) {
         success(response);