diff --git a/.env.shenranqi b/.env.shenranqi
index d723eda..0038c9a 100644
--- a/.env.shenranqi
+++ b/.env.shenranqi
@@ -1,4 +1,4 @@
-###  VITE_h5_client_url=http://10.9.18.138:18900
-VITE_h5_client_url=https://bqw-120.ii999.live:20038
+VITE_h5_client_url=http://10.9.18.138:18900
+###  VITE_h5_client_url=https://bqw-120.ii999.live:20038
 #VITE_h5_client_url=http://127.0.0.1:18901
 VITE_HsAppCode=1
diff --git a/.gitignore b/.gitignore
index d0f7a7f..f8eaeee 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,4 @@ package-lock.json
 .cursor
 ./.idea
 ./.idea/**
+.idea/
diff --git a/src/main/ipc.js b/src/main/ipc.js
index d0eca56..3a73f45 100644
--- a/src/main/ipc.js
+++ b/src/main/ipc.js
@@ -28,6 +28,7 @@ export function setupIPC() {
     setStoreValue("token", data.token);
     setStoreValue("dify_access_token:", data.dify_access_token);
     setStoreValue("dify_refresh_token", data.dify_refresh_token);
+    setStoreValue("dify_csrf_token", data.dify_csrf_token);
     setStoreValue("userInfo", data.userInfo);
 
     setStoreValue("apiUrl", data.apiUrl);
@@ -207,7 +208,7 @@ export function setupIPC() {
     newWindow.webContents.on('did-fail-load', (event, errorCode, errorDescription) => {
       console.error('页面加载失败:', errorDescription);
       failLoadCount++;
-      
+
       if (failLoadCount <= maxRetries) {
         console.log(`页面加载失败，${retryDelay}ms后进行第${failLoadCount}次重试...`);
         setTimeout(() => {
@@ -252,7 +253,7 @@ export function setupIPC() {
     newWindow.webContents.on('did-fail-load', (event, errorCode, errorDescription) => {
       console.error('页面加载失败:', errorDescription);
       failLoadCount2++;
-      
+
       if (failLoadCount2 <= maxRetries2) {
         console.log(`页面加载失败，${retryDelay2}ms后进行第${failLoadCount2}次重试...`);
         setTimeout(() => {
@@ -307,7 +308,7 @@ export function setupIPC() {
         const urlParts = fileUrl.split('/');
         fileName = urlParts[urlParts.length - 1] || '';
       }
-      
+
       // 解码文件名，解决中文乱码问题
       try {
         fileName = decodeURIComponent(fileName);
@@ -315,7 +316,7 @@ export function setupIPC() {
         // 如果解码失败，保持原文件名
         logger.warn(`文件名解码失败: ${fileName}`);
       }
-      
+
       // 如果提取的文件名为空，使用时间戳生成默认名称
       if (!fileName || fileName === '') {
         fileName = `downloaded_file_${Date.now()}`;
@@ -323,12 +324,12 @@ export function setupIPC() {
 
       // 获取用户下载目录
       const downloadDir = path.join(os.homedir(), 'Downloads');
-      
+
       // 确保下载目录存在
       if (!fs.existsSync(downloadDir)) {
         fs.mkdirSync(downloadDir, { recursive: true });
       }
-      
+
       const outputLocationPath = path.join(downloadDir, fileName);
       const writer = fs.createWriteStream(outputLocationPath);
       let receivedBytes = 0;
@@ -385,11 +386,11 @@ export function setupIPC() {
     try {
       // 标记为正在重启，避免其他退出逻辑干扰
       app.isRestarting = true;
-      
+
       // 确保所有窗口都被正确关闭
       const windows = BrowserWindow.getAllWindows();
       logger.info(`准备关闭 ${windows.length} 个窗口`);
-      
+
       windows.forEach(window => {
         if (!window.isDestroyed()) {
           try {
@@ -400,7 +401,7 @@ export function setupIPC() {
           }
         }
       });
-      
+
       // 延迟执行重启，确保窗口关闭完成
       setTimeout(() => {
         try {
@@ -417,7 +418,7 @@ export function setupIPC() {
           }
         }
       }, 1000);
-      
+
       return { success: true };
     } catch (error) {
       logger.error(`重启软件失败: ${error.message}`);
diff --git a/src/main/window.js b/src/main/window.js
index ed00243..2a12371 100644
--- a/src/main/window.js
+++ b/src/main/window.js
@@ -306,6 +306,7 @@ export async function createNewWindow(url, access_token, refresh_token,sandbox=f
   const origin_url = url
   logger.info('==========createNewWindow')
   logger.info('==========createNewWindow  sandbox',sandbox)
+  const csrf_token=getStoreValue("dify_csrf_token")
 
   await checkAndApplyDeviceAccessPrivilege()
 
@@ -331,9 +332,24 @@ export async function createNewWindow(url, access_token, refresh_token,sandbox=f
     registerShortcuts(difyfullScreenWindow)
   })
 
-  let code = `localStorage.setItem("IsHsAiApp","IsHsAiApp");localStorage.setItem("console_token","${access_token}");localStorage.setItem("refresh_token","12");`
-  const isAdmin = getStoreValue("isAdmin")
   const hs_version = getStoreValue("hs_version")
+
+  const cookieStatements = [
+    `document.cookie = "access_token=${access_token}";`,
+    `document.cookie = "refresh_token=${refresh_token}";`,
+    `document.cookie = "csrf_token=${csrf_token}";`,
+    `document.cookie = "hs_version=${hs_version}";`
+  ].join('\n');
+
+  const localStorageStatements = [
+    `localStorage.setItem("IsHsAiApp", "IsHsAiApp");`,
+    `localStorage.setItem("console_token", "${access_token}");`,
+    `localStorage.setItem("refresh_token", "12");`
+  ].join('\n');
+
+  let code = `${localStorageStatements}\n${cookieStatements};`;
+
+  const isAdmin = getStoreValue("isAdmin")
   let display='';
 
   if (isAdmin==true){
@@ -356,7 +372,7 @@ export async function createNewWindow(url, access_token, refresh_token,sandbox=f
     `
   }
 
-  code=code+`document.cookie="hs_version=${hs_version}";`
+  code=code+`;document.cookie="hs_version=${hs_version}";`
 
   difyfullScreenWindow.webContents.on('did-finish-load', () => {
     difyfullScreenWindow.webContents