diff --git a/server/Program.cs b/server/Program.cs
index b3c015e..c5fbe28 100644
--- a/server/Program.cs
+++ b/server/Program.cs
@@ -64,6 +64,37 @@ try
};
options.Authority = $"http://{Global.LocalHost}:5000";
options.RequireHttpsMetadata = false;
+
+ // We have to hook the OnMessageReceived event in order to
+ // allow the JWT authentication handler to read the access
+ // token from the query string when a WebSocket or
+ // Server-Sent Events request comes in.
+
+ // Sending the access token in the query string is required when using WebSockets or ServerSentEvents
+ // due to a limitation in Browser APIs. We restrict it to only calls to the
+ // SignalR hub in this code.
+ // See https://docs.microsoft.com/aspnet/core/signalr/security#access-token-logging
+ // for more information about security considerations when using
+ // the query string to transmit the access token.
+ options.Events = new JwtBearerEvents
+ {
+ OnMessageReceived = context =>
+ {
+ var accessToken = context.Request.Query["access_token"];
+
+ // If the request is for our hub...
+ var path = context.HttpContext.Request.Path;
+ if (!string.IsNullOrEmpty(accessToken) && (
+ path.StartsWithSegments("/hubs/JtagHub") ||
+ path.StartsWithSegments("/hubs/ProgressHub")
+ ))
+ {
+ // Read the token out of the query string
+ context.Token = accessToken;
+ }
+ return Task.CompletedTask;
+ }
+ };
});
// Add JWT Token Authorization Policy
builder.Services.AddAuthorization(options =>
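Review bot: The new `OnMessageReceived` handler accepts `access_token` from the query string for every request under the two hub paths, while the options just above it (`RequireHttpsMetadata = false`, an `http://` authority) suggest the server may be reachable over plain HTTP, in which case the bearer token travels in clear text as part of the URL. ASP.NET Core logs the request URL including the query string by default (the point of the linked doc), so raise the `Microsoft.AspNetCore.Hosting` log category to Warning or redact the query for `/hubs/*`, and keep token lifetimes short. Setting `context.Token` also takes precedence over an `Authorization` header, so consider adding `&& !context.Request.Headers.ContainsKey("Authorization")` to the condition so header-based clients are unaffected. The two hub paths are string literals that have to match the hub route registrations, which are outside this hunk; a shared constant would keep them in sync. The enclosing options lambda starts above the hunk.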
diff --git a/server/src/Controllers/VideoStreamController.cs b/server/src/Controllers/VideoStreamController.cs
index 0c23365..33820ae 100644
--- a/server/src/Controllers/VideoStreamController.cs
+++ b/server/src/Controllers/VideoStreamController.cs
@@ -11,6 +11,7 @@ using server.Services;
///
[ApiController]
[Authorize]
+[EnableCors("Users")]
[Route("api/[controller]")]
public class VideoStreamController : ControllerBase
{
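Review bot: Moving `[EnableCors("Users")]` to the class is not a pure refactor: actions that did not carry the attribute before, such as the `SetVideoStreamEnable` POST later in this file, now answer cross-origin requests under that policy. The policy definition is not visible in this diff, so please confirm that its origin list is meant to cover state-changing actions. A short comment above the attribute, e.g. `// CORS policy "Users" applies to every action in this controller`, would make the wider scope explicit. The class body continues outside the hunk.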
@@ -64,7 +65,6 @@ public class VideoStreamController : ControllerBase
///
/// 服务状态信息
[HttpGet("ServiceStatus")]
- [EnableCors("Users")]
[ProducesResponseType(typeof(VideoStreamServiceStatus), StatusCodes.Status200OK)]
[ProducesResponseType(typeof(Exception), StatusCodes.Status500InternalServerError)]
public IResult GetServiceStatus()
@@ -85,7 +85,6 @@ public class VideoStreamController : ControllerBase
}
[HttpGet("MyEndpoint")]
- [EnableCors("Users")]
[ProducesResponseType(typeof(VideoStreamEndpoint), StatusCodes.Status200OK)]
[ProducesResponseType(typeof(Exception), StatusCodes.Status500InternalServerError)]
public IResult MyEndpoint()
@@ -109,7 +108,6 @@ public class VideoStreamController : ControllerBase
///
/// 连接测试结果
[HttpPost("TestConnection")]
- [EnableCors("Users")]
[ProducesResponseType(typeof(bool), StatusCodes.Status200OK)]
[ProducesResponseType(typeof(Exception), StatusCodes.Status500InternalServerError)]
public async Task TestConnection()
@@ -143,6 +141,8 @@ public class VideoStreamController : ControllerBase
}
[HttpPost("SetVideoStreamEnable")]
+ [ProducesResponseType(typeof(object), StatusCodes.Status200OK)]
+ [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
public async Task SetVideoStreamEnable(bool enable)
{
try
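Review bot: The added `[ProducesResponseType(typeof(object), StatusCodes.Status200OK)]` tells generated clients nothing about the response shape, and the 500 entry is typed `string` while the sibling actions in this controller declare `typeof(Exception)`. Pick one error contract for the controller; a plain message or `ProblemDetails` is the safer choice, since a serialized `Exception` tends to expose stack traces and internal paths to callers. If the 200 body is an anonymous object, a small named response type would let the attribute describe the real shape. The method body continues outside the hunk, so what is actually returned on failure is not visible here.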