diff --git a/app.js b/app.js
index 9800b24..abba91d 100644
--- a/app.js
+++ b/app.js
@@ -62,12 +62,12 @@ var corsOptions = {
     if (process.env.corslist.indexOf(origin) !== -1 || !origin) {
       callback(null, true);
     } else {
-      callback(new Error());
+      callback(new Error('Not allowed by CORS'));
     }
   },
   methods: "GET,HEAD,PUT,PATCH,POST,DELETE",
   preflightContinue: false,
-  optionsSuccessStatus: 204,
+  optionsSuccessStatus: 200,
   credentials: true,
 };
 app.use(cors(corsOptions)); // 应用CORS配置函数
@@ -111,6 +111,7 @@ global.dirname = __dirname;
 http.createServer(app).listen(3000, "0.0.0.0", function () {
   console.log("Listening on http://localhost:3000");
 }); // 平台总入口
+app.options('*', cors())
 app.all("*", function (req, res, next) {
   //console.log(req.method +' '+ req.url + " IP:" + req.ip);
 
diff --git a/server/router_scratch.js b/server/router_scratch.js
index ec82db9..f13cfab 100644
--- a/server/router_scratch.js
+++ b/server/router_scratch.js
@@ -151,11 +151,11 @@ router.get("/projectinfo", function (req, res) {
   ` ow_Users.motto AS author_motto` +
   ` FROM scratch ` +
   ` LEFT JOIN ow_Users ON (ow_Users.id=scratch.authorid) ` +
-  ` WHERE scratch.id=${req.query.id} AND scratch.state>=1 LIMIT 1`;
+  ` WHERE scratch.id=${req.query.id} AND (scratch.state>=1 or scratch.authorid=${res.locals.userid}) LIMIT 1`;
   DB.query(SQL, function (err, SCRATCH) {
     if (err || SCRATCH.length == 0) {
       res.locals.tip = { opt: "flash", msg: "项目不存在或未发布" };
-      res.render("404.ejs");
+      res.send({code:404,status:"404",msg:"项目不存在或未发布"})
       return;
     }
 
@@ -181,7 +181,7 @@ router.get("/projectinfo2", function (req, res) {
   DB.query(SQL, function (err, SCRATCH) {
     if (err || SCRATCH.length == 0) {
       res.locals.tip = { opt: "flash", msg: "项目不存在或未发布" };
-      res.render("404.ejs");
+      res.send({code:404,status:"404",msg:"项目不存在或未发布"})
       return;
     }
     res.locals["is_author"] =
@@ -613,8 +613,10 @@ router.post("/projects", function (req, res) {
   if (req.query.title) {
     title = req.query.title;
   }
+
+
   var INSERT = `INSERT INTO scratch (authorid, title, src) VALUES (${res.locals.userid}, ?, ?)`;
-  var VAL = [title, `${JSON.stringify(req.body)}`];
+  var VAL = [title, `${JSON.stringify(req.body.work||req.body)}`];
   DB.qww(INSERT, VAL, function (err, newScratch) {
     if (err || newScratch.affectedRows == 0) {
       res.send(404);