diff --git a/application/common.php b/application/common.php
index fa160030b771c163ecb4ac2a6e3fc262b875d459..a2cc403b58da6cc4e3fd507d23f586dcdd7f3f87 100755
--- a/application/common.php
+++ b/application/common.php
@@ -431,8 +431,8 @@ if (!function_exists('check_cors_request')) {
             if (in_array("*", $domainArr) || in_array($_SERVER['HTTP_ORIGIN'], $domainArr) || (isset($info['host']) && in_array($info['host'], $domainArr))) {
                 header("Access-Control-Allow-Origin: " . $_SERVER['HTTP_ORIGIN']);
             } else {
-                header('HTTP/1.1 403 Forbidden');
-                exit;
+                $response = Response::create('cors 检测无效', 'html', 403);
+                throw new HttpResponseException($response);
             }
 
             header('Access-Control-Allow-Credentials: true');
@@ -445,7 +445,8 @@ if (!function_exists('check_cors_request')) {
                 if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
                     header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
                 }
-                exit;
+                $response = Response::create('', 'json');
+                throw new HttpResponseException($response);
             }
         }
     }
@@ -474,7 +475,8 @@ if (!function_exists('check_ip_allowed')) {
         $forbiddenipArr = is_array($forbiddenipArr) ? $forbiddenipArr : array_filter(explode("\n", str_replace("\r\n", "\n", $forbiddenipArr)));
         if ($forbiddenipArr && \Symfony\Component\HttpFoundation\IpUtils::checkIp($ip, $forbiddenipArr)) {
             header('HTTP/1.1 403 Forbidden');
-            exit;
+            $response = Response::create('ip 无权访问', 'html', 403);
+            throw new HttpResponseException($response);
         }
     }
 }