diff --git a/hb_server/apps/hrm/views.py b/hb_server/apps/hrm/views.py
index 5bf9457..ed733da 100644
--- a/hb_server/apps/hrm/views.py
+++ b/hb_server/apps/hrm/views.py
@@ -125,6 +125,7 @@ class FaceLogin(CreateAPIView):
         user, msg = HRMService.face_compare_from_base64(base64_data)
         if user:
             refresh = RefreshToken.for_user(user)
+            # 可设为在岗
             return Response({
                 'refresh': str(refresh),
                 'access': str(refresh.access_token),
diff --git a/hb_server/server/settings.py b/hb_server/server/settings.py
index 1d11566..2890f6b 100644
--- a/hb_server/server/settings.py
+++ b/hb_server/server/settings.py
@@ -63,6 +63,8 @@ INSTALLED_APPS = [
     'apps.develop'
 ]
 
+X_FRAME_OPTIONS = 'SAMEORIGIN'
+
 MIDDLEWARE = [
     'django.middleware.security.SecurityMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',