diff --git a/easyai-proxy.conf.sample b/easyai-proxy.conf.sample
index 83fe8f0..260f77a 100644
--- a/easyai-proxy.conf.sample
+++ b/easyai-proxy.conf.sample
@@ -36,7 +36,7 @@ server {
 ssl_protocols TLSv1.2 TLSv1.3; # 只启用 TLS 1.2 和 TLS 1.3
 # 通用安全头部
 add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options "SAMEORIGIN";
+ # add_header X-Frame-Options "SAMEORIGIN";
 add_header X-XSS-Protection "1; mode=block";
 # 用于 certbot 验证的配置
 location /.well-known/acme-challenge/ {
@@ -57,6 +57,15 @@ server {
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header Host $host;
+
+ # 如果 X-Frame-Options 是上游返回的,隐藏它
+ proxy_hide_header X-Frame-Options;
+
+ # Wujie 会 fetch HTML,必须允许跨源读取
+ add_header Access-Control-Allow-Origin "*" always;
+ add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS" always;
+ add_header Access-Control-Allow-Headers "Content-Type, Accept, Authorization" always;
+ add_header Cross-Origin-Resource-Policy "cross-origin" always;
 }
 location /api/ {
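Review bot: Commenting out `add_header X-Frame-Options "SAMEORIGIN";` at `server` level removes framing protection from every location in this server, not only the pages Wujie needs to embed, and nothing in the visible lines replaces it. Instead of dropping the control, limit framing to the known host application with `add_header Content-Security-Policy "frame-ancestors 'self' https://HOST-APP.example" always;` (placeholder origin). Put it in a block whose headers are actually emitted for the framed pages, since a location with its own `add_header` lines does not inherit the server-level ones. The `server` block begins and ends outside this hunk, so other locations may be affected as well.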
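Review bot: The four `add_header` lines added to this `location` stop nginx from inheriting the server-level `add_header` directives, so unless the block already had one of its own (its start is outside the hunk), responses from here lose `X-Content-Type-Options: nosniff`. `Access-Control-Allow-Origin "*"` also lets a script on any website read these proxied responses through a visitor's browser, which matters wherever access to the upstream depends on network position rather than credentials. `Authorization` in the allowed headers looks unnecessary for fetching HTML. Echoing the origin from an allowlist, adding `Vary: Origin`, and repeating the security headers at this level keeps Wujie working for the intended host only. The origin below is a placeholder and the `map` assumes this file is included in the `http` context.

```nginx
# http-level, e.g. at the top of this file, outside server {}
map $http_origin $cors_origin {
    default "";
    "https://HOST-APP.example" $http_origin;   # placeholder: origin of the app that embeds this one
}

# … unchanged: proxy_set_header lines, proxy_hide_header X-Frame-Options …
# An empty $cors_origin means the header is not sent at all.
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Vary Origin always;
add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS" always;
add_header Access-Control-Allow-Headers "Content-Type, Accept" always;
# add_header here replaces the inherited set, so repeat the server-level header
add_header X-Content-Type-Options nosniff always;
```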