diff --git a/plugins/apiauth/apiauth.go b/plugins/apiauth/apiauth.go
index bbae7def..56a92d25 100644
--- a/plugins/apiauth/apiauth.go
+++ b/plugins/apiauth/apiauth.go
@@ -83,41 +83,41 @@ func APIBaiscAuth(appid, appkey string) beego.FilterFunc {
 func APIAuthWithFunc(f AppIdToAppSecret, timeout int) beego.FilterFunc {
 	return func(ctx *context.Context) {
 		if ctx.Input.Query("appid") == "" {
-			ctx.Output.SetStatus(403)
+			ctx.ResponseWriter.WriteHeader(403)
 			ctx.WriteString("miss query param: appid")
 			return
 		}
 		appsecret := f(ctx.Input.Query("appid"))
 		if appsecret == "" {
-			ctx.Output.SetStatus(403)
+			ctx.ResponseWriter.WriteHeader(403)
 			ctx.WriteString("not exist this appid")
 			return
 		}
 		if ctx.Input.Query("signature") == "" {
-			ctx.Output.SetStatus(403)
+			ctx.ResponseWriter.WriteHeader(403)
 			ctx.WriteString("miss query param: signature")
 			return
 		}
 		if ctx.Input.Query("timestamp") == "" {
-			ctx.Output.SetStatus(403)
+			ctx.ResponseWriter.WriteHeader(403)
 			ctx.WriteString("miss query param: timestamp")
 			return
 		}
 		u, err := time.Parse("2006-01-02 15:04:05", ctx.Input.Query("timestamp"))
 		if err != nil {
-			ctx.Output.SetStatus(403)
+			ctx.ResponseWriter.WriteHeader(403)
 			ctx.WriteString("timestamp format is error, should 2006-01-02 15:04:05")
 			return
 		}
 		t := time.Now()
 		if t.Sub(u).Seconds() > float64(timeout) {
-			ctx.Output.SetStatus(403)
+			ctx.ResponseWriter.WriteHeader(403)
 			ctx.WriteString("timeout! the request time is long ago, please try again")
 			return
 		}
 		if ctx.Input.Query("signature") !=
 			Signature(appsecret, ctx.Input.Method(), ctx.Request.Form, ctx.Input.Uri()) {
-			ctx.Output.SetStatus(403)
+			ctx.ResponseWriter.WriteHeader(403)
 			ctx.WriteString("auth failed")
 		}
 	}
diff --git a/plugins/cors/cors.go b/plugins/cors/cors.go
index 052d3bc6..1e973a40 100644
--- a/plugins/cors/cors.go
+++ b/plugins/cors/cors.go
@@ -24,7 +24,7 @@
 //		// - PUT and PATCH methods
 //		// - Origin header
 //		// - Credentials share
-//		beego.InsertFilter("*", beego.BeforeRouter,cors.Allow(&cors.Options{
+//		beego.InsertFilter("*", beego.BeforeRouter, cors.Allow(&cors.Options{
 //			AllowOrigins:     []string{"https://*.foo.com"},
 //			AllowMethods:     []string{"PUT", "PATCH"},
 //			AllowHeaders:     []string{"Origin"},
@@ -36,7 +36,6 @@
 package cors
 
 import (
-	"net/http"
 	"regexp"
 	"strconv"
 	"strings"
@@ -216,8 +215,6 @@ func Allow(opts *Options) beego.FilterFunc {
 			for key, value := range headers {
 				ctx.Output.Header(key, value)
 			}
-			ctx.Output.SetStatus(http.StatusOK)
-			ctx.WriteString("")
 			return
 		}
 		headers = opts.Header(origin)