diff --git a/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfig.java b/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfig.java
index 7ac920f2..063d9131 100644
--- a/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfig.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfig.java
@@ -48,10 +48,11 @@ public class SecurityConfig implements WebMvcConfigurer {
                     // 检查是否登录 是否有token
                     StpUtil.checkLogin();
 
-                    // 检查 header 里的 clientId 与 token 里的是否一致
+                    // 检查 header 与 param 里的 clientid 与 token 里的是否一致
                     String headerCid = ServletUtils.getRequest().getHeader(LoginHelper.CLIENT_KEY);
+                    String paramCid = ServletUtils.getParameter(LoginHelper.CLIENT_KEY);
                     String clientId = StpUtil.getExtra(LoginHelper.CLIENT_KEY).toString();
-                    if (!StringUtils.equals(headerCid, clientId)) {
+                    if (!StringUtils.equalsAny(clientId, headerCid, paramCid)) {
                         // token 无效
                         throw NotLoginException.newInstance(
                             StpUtil.getLoginType(),