diff --git a/nginx/openim-pc-proxy.conf b/nginx/openim-pc-proxy.conf
index 14c8ddf..2bf677d 100644
--- a/nginx/openim-pc-proxy.conf
+++ b/nginx/openim-pc-proxy.conf
@@ -7,6 +7,7 @@
 # 安全组 / 防火墙须放行 TCP 80；后端 10001/10002/10008 仅需本机访问（127.0.0.1）
 #
 # CORS：Vite 开发服在 :5173，API 经 :80 反代，浏览器视为跨域，需在此返回允许头并处理 OPTIONS 预检
+# chat-api / openim 等上游若自带 Access-Control-Allow-Origin（如 *），会与下方 add_header 合并成多个值导致浏览器报错，故用 proxy_hide_header 剥掉上游 CORS
 #
 # default_server：纯 IP 访问 http://x.x.x.x/ 时命中本 server（不做 CMS 静态站，仅 API 网关）
 # CMS 开发请用 http://IP:8001（UMI dev）
@@ -43,6 +44,11 @@ server {
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_read_timeout 300s;
         proxy_send_timeout 300s;
+        proxy_hide_header Access-Control-Allow-Origin;
+        proxy_hide_header Access-Control-Allow-Credentials;
+        proxy_hide_header Access-Control-Allow-Methods;
+        proxy_hide_header Access-Control-Allow-Headers;
+        proxy_hide_header Access-Control-Expose-Headers;
         add_header Access-Control-Allow-Origin $http_origin always;
         add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
         add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,X-Requested-With,DNT,User-Agent,If-Modified-Since,Cache-Control,Range" always;
@@ -66,6 +72,11 @@ server {
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_read_timeout 300s;
         proxy_send_timeout 300s;
+        proxy_hide_header Access-Control-Allow-Origin;
+        proxy_hide_header Access-Control-Allow-Credentials;
+        proxy_hide_header Access-Control-Allow-Methods;
+        proxy_hide_header Access-Control-Allow-Headers;
+        proxy_hide_header Access-Control-Expose-Headers;
         add_header Access-Control-Allow-Origin $http_origin always;
         add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
         add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,X-Requested-With,DNT,User-Agent,If-Modified-Since,Cache-Control,Range" always;
@@ -89,6 +100,11 @@ server {
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_read_timeout 300s;
         proxy_send_timeout 300s;
+        proxy_hide_header Access-Control-Allow-Origin;
+        proxy_hide_header Access-Control-Allow-Credentials;
+        proxy_hide_header Access-Control-Allow-Methods;
+        proxy_hide_header Access-Control-Allow-Headers;
+        proxy_hide_header Access-Control-Expose-Headers;
         add_header Access-Control-Allow-Origin $http_origin always;
         add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
         add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,X-Requested-With,DNT,User-Agent,If-Modified-Since,Cache-Control,Range" always;
@@ -116,6 +132,11 @@ server {
         proxy_buffering off;
         proxy_read_timeout 86400s;
         proxy_send_timeout 86400s;
+        proxy_hide_header Access-Control-Allow-Origin;
+        proxy_hide_header Access-Control-Allow-Credentials;
+        proxy_hide_header Access-Control-Allow-Methods;
+        proxy_hide_header Access-Control-Allow-Headers;
+        proxy_hide_header Access-Control-Expose-Headers;
         add_header Access-Control-Allow-Origin $http_origin always;
     }