diff --git a/backend/src/main/java/io/metersphere/api/dto/definition/parse/Swagger2Parser.java b/backend/src/main/java/io/metersphere/api/dto/definition/parse/Swagger2Parser.java
index 3b05aefa87..c51b92ac47 100644
--- a/backend/src/main/java/io/metersphere/api/dto/definition/parse/Swagger2Parser.java
+++ b/backend/src/main/java/io/metersphere/api/dto/definition/parse/Swagger2Parser.java
@@ -58,6 +58,7 @@ public class Swagger2Parser extends SwaggerAbstractParser {
 
         ApiModule parentNode = ApiDefinitionImportUtil.getSelectModule(importRequest.getModuleId());
 
+        String basePath = swagger.getBasePath();
         for (String pathName : pathNames) {
             Path path = paths.get(pathName);
             Map<HttpMethod, Operation> operationMap = path.getOperationMap();
@@ -68,6 +69,10 @@ public class Swagger2Parser extends SwaggerAbstractParser {
                 ApiDefinitionWithBLOBs apiDefinition = buildApiDefinition(request.getId(), operation, pathName, method.name(),importRequest);
                 parseParameters(operation, request);
                 addBodyHeader(request);
+                if (StringUtils.isNotBlank(basePath)) {
+                    apiDefinition.setPath(basePath + apiDefinition.getPath());
+                    request.setPath(basePath + request.getPath());
+                }
                 apiDefinition.setRequest(JSON.toJSONString(request));
                 apiDefinition.setResponse(JSON.toJSONString(parseResponse(operation, operation.getResponses())));
                 buildModule(parentNode, apiDefinition, operation.getTags());
diff --git a/backend/src/main/java/io/metersphere/security/CsrfFilter.java b/backend/src/main/java/io/metersphere/security/CsrfFilter.java
index 32f6bc9ae0..66ef15689e 100644
--- a/backend/src/main/java/io/metersphere/security/CsrfFilter.java
+++ b/backend/src/main/java/io/metersphere/security/CsrfFilter.java
@@ -42,7 +42,12 @@ public class CsrfFilter extends AnonymousFilter {
         // 请求头取出的token value
         String csrfToken = httpServletRequest.getHeader(TOKEN_NAME);
         // 校验 token
-        validateToken(csrfToken);
+        try {
+            validateToken(csrfToken);
+        } catch (ExpiredCredentialsException e) {
+            ((HttpServletResponse) response).setHeader("Authentication-Status", "invalid");
+            return true;
+        }
         // 校验 referer
         validateReferer(httpServletRequest);
         return true;
diff --git a/frontend/src/business/components/xpack b/frontend/src/business/components/xpack
index f63ebb68eb..3571feccf7 160000
--- a/frontend/src/business/components/xpack
+++ b/frontend/src/business/components/xpack
@@ -1 +1 @@
-Subproject commit f63ebb68ebad78de42fd711f17e2671e34577a86
+Subproject commit 3571feccf7c2bc68e4b619f6c367ac47d37c6723