diff --git a/core/corehttp/corehttp.go b/core/corehttp/corehttp.go
index eb69b6a6a..9af5c7f82 100644
--- a/core/corehttp/corehttp.go
+++ b/core/corehttp/corehttp.go
@@ -54,20 +54,17 @@ func makeHandler(n *core.IpfsNode, l net.Listener, options ...ServeOption) (http
 		}
 
 		err := interceptorBeforeReq(r, n)
-		if errors.Is(err, ErrorGatewayCidExits) {
+
+		if errors.Is(err, ErrGatewayCidExits) {
 			http.Error(w, "", http.StatusNotFound)
 			return
 		}
-		if err != nil {
-			// set allow origin
-			w.Header().Set("Access-Control-Allow-Origin", "*")
-			if r.Method == http.MethodOptions {
-				w.Header().Set("Access-Control-Allow-Origin", "*")
-				w.Header().Set("Access-Control-Allow-Headers", "Content-Type, X-Stream-Output, X-Chunked-Output, X-Content-Length")
+
+		if errors.Is(err, ErrNotLogin) || errors.Is(err, ErrInvalidToken) || errors.Is(err, ErrTwoStepCheckErr) {
+			if r.Method != http.MethodOptions {
+				http.Error(w, err.Error(), http.StatusUnauthorized)
 				return
 			}
-			http.Error(w, err.Error(), http.StatusUnauthorized)
-			return
 		}
 
 		topMux.ServeHTTP(w, r)
diff --git a/core/corehttp/corehttp_interceptor.go b/core/corehttp/corehttp_interceptor.go
index dea1d9e5f..d2e5e1f99 100644
--- a/core/corehttp/corehttp_interceptor.go
+++ b/core/corehttp/corehttp_interceptor.go
@@ -18,7 +18,10 @@ const defaultTwoStepDuration = 30 * time.Minute
 const firstStepUrl = "dashboard/validate"
 
 var (
-	ErrorGatewayCidExits = errors.New("cid exits")
+	ErrNotLogin        = errors.New("please login")
+	ErrInvalidToken    = errors.New("invalid token")
+	ErrTwoStepCheckErr = errors.New("please validate your password first")
+	ErrGatewayCidExits = errors.New("cid exits")
 )
 
 func interceptorBeforeReq(r *http.Request, n *core.IpfsNode) error {
@@ -45,7 +48,7 @@ func interceptorBeforeReq(r *http.Request, n *core.IpfsNode) error {
 	}
 
 	if exits {
-		return ErrorGatewayCidExits
+		return ErrGatewayCidExits
 	}
 
 	return nil
@@ -59,7 +62,7 @@ func twoStepCheckInterceptor(r *http.Request) error {
 		return nil
 	}
 
-	return errors.New("please validate your password first")
+	return ErrTwoStepCheckErr
 }
 
 func interceptorAfterResp(r *http.Request, w http.ResponseWriter, n *core.IpfsNode) error {
@@ -80,7 +83,7 @@ func tokenCheckInterceptor(r *http.Request, n *core.IpfsNode) error {
 		return nil
 	}
 	if !commands.IsLogin {
-		return fmt.Errorf("please login")
+		return ErrNotLogin
 	}
 	args := r.URL.Query()
 	token := args.Get("token")
@@ -93,7 +96,7 @@ func tokenCheckInterceptor(r *http.Request, n *core.IpfsNode) error {
 		return err
 	}
 	if claims.PeerId != n.Identity.String() {
-		return fmt.Errorf("token is invalid")
+		return ErrInvalidToken
 	}
 
 	return nil