diff --git a/common.php b/common.php
index 7e84c0d..12c44aa 100644
--- a/common.php
+++ b/common.php
@@ -36,6 +36,7 @@ $EnvConfigs = [
     'customTheme'       => 0b011,
     'theme'             => 0b010,
     'dontBasicAuth'     => 0b010,
+    'referrer'          => 0b011,
 
     'Driver'            => 0b100,
     'client_id'         => 0b100,
@@ -254,6 +255,8 @@ function main($path)
         }
     }
 
+    if (!isreferhost()) return message('Must visit from designated host', 'NOT_ALLOWED', 403);
+
     // Show disks in root
     if ($files['showname'] == 'root') return render_list($path, $files);
 
@@ -419,6 +422,19 @@ function extendShow_diskenv($drive)
     return $drive->ext_show_innerenv();
 }
 
+function isreferhost() {
+    $referer = $_SERVER['referhost'];
+    if ($referer=='') return true;
+    if ($referer==$_SERVER['HTTP_HOST']) return true;
+    $referrer = getConfig('referrer');
+    if ($referrer=='') return true;
+    $arr = explode('|', $referrer);
+    foreach ($arr as $host) {
+        if ($host == $referer) return true;
+    }
+    return false;
+}
+
 function pass2cookie($name, $pass)
 {
     return md5($name . ':' . md5($pass));
@@ -533,7 +549,7 @@ function getListpath($domain)
         }
     }
     if (isset($domain_path[$domain])) return spurlencode($domain_path[$domain],'/');
-    return spurlencode($public_path,'/');
+    return spurlencode($public_path, '/');
 }
 
 function path_format($path)
@@ -639,44 +655,6 @@ function curl($method, $url, $data = '', $headers = [], $returnheader = 0)
     return $response;
 }
 
-function curl_request($url, $data = false, $headers = [], $returnheader = 0)
-{
-    if (!isset($headers['Accept'])) $headers['Accept'] = '*/*';
-    //if (!isset($headers['Referer'])) $headers['Referer'] = $url;
-    //if (!isset($headers['Content-Type'])) $headers['Content-Type'] = 'application/x-www-form-urlencoded';
-    $sendHeaders = array();
-    foreach ($headers as $headerName => $headerVal) {
-        $sendHeaders[] = $headerName . ': ' . $headerVal;
-    }
-    $ch = curl_init();
-    curl_setopt($ch, CURLOPT_URL, $url);
-    if ($data !== false) {
-        curl_setopt($ch, CURLOPT_POST, 1);
-        curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
-    }
-    curl_setopt($ch, CURLOPT_TIMEOUT, 5);
-    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
-    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-    curl_setopt($ch, CURLOPT_HEADER, $returnheader);
-    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
-    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
-    curl_setopt($ch, CURLOPT_HTTPHEADER, $sendHeaders);
-    //$response['body'] = curl_exec($ch);
-    if ($returnheader) {
-        list($returnhead, $response['body']) = explode("\r\n\r\n", curl_exec($ch));
-        foreach (explode("\r\n", $returnhead) as $head) {
-            $tmp = explode(': ', $head);
-            $heads[$tmp[0]] = $tmp[1];
-        }
-        $response['returnhead'] = $heads;
-    } else {
-        $response['body'] = curl_exec($ch);
-    }
-    $response['stat'] = curl_getinfo($ch, CURLINFO_HTTP_CODE);
-    curl_close($ch);
-    return $response;
-}
-
 function clearbehindvalue($path,$page1,$maxpage,$pageinfocache)
 {
     for ($page=$page1+1;$page<$maxpage;$page++) {
@@ -776,6 +754,7 @@ function message($message, $title = 'Message', $statusCode = 200)
     <meta name=viewport content="width=device-width,initial-scale=1">
     <body>
         <h1>' . $title . '</h1>
+        <a href="' . $_SERVER['base_path'] . '">' . getconstStr('Back') . getconstStr('Home') . '</a>
         <p>
 
 ' . $message . '
@@ -814,8 +793,9 @@ function needUpdate()
 
 function output($body, $statusCode = 200, $headers = ['Content-Type' => 'text/html'], $isBase64Encoded = false)
 {
-    //$headers['Referrer-Policy'] = 'same-origin';
-    $headers['Referrer-Policy'] = 'no-referrer';
+    if (isset($_SERVER['Set-Cookie'])) $headers['Set-Cookie'] = $_SERVER['Set-Cookie'];
+    $headers['Referrer-Policy'] = 'no-referrer'; //$headers['Referrer-Policy'] = 'same-origin';
+    $headers['X-Frame-Options'] = 'sameorigin';
     return [
         'isBase64Encoded' => $isBase64Encoded,
         'statusCode' => $statusCode,
@@ -874,12 +854,8 @@ function adminform($name = '', $pass = '', $path = '')
         <body>' . getconstStr('LoginSuccess') . '</body></html>';
         $statusCode = 201;
         date_default_timezone_set('UTC');
-        $header = [
-            'Set-Cookie' => $name . '=' . $pass . '; path=/; expires=' . date(DATE_COOKIE, strtotime('+7day')),
-            //'Location' => $path,
-            'Content-Type' => 'text/html'
-        ];
-        return output($html, $statusCode, $header);
+        $_SERVER['Set-Cookie'] = $name . '=' . $pass . '; path=/; expires=' . date(DATE_COOKIE, strtotime('+7day'));
+        return output($html, $statusCode);
     }
     $statusCode = 401;
     $html .= '
@@ -1059,7 +1035,8 @@ function EnvOpt($needUpdate = 0)
     global $drive;
     ksort($EnvConfigs);
     $envs = '';
-    foreach ($EnvConfigs as $env => $v) if (isCommonEnv($env)) $envs .= '\'' . $env . '\', ';
+    //foreach ($EnvConfigs as $env => $v) if (isCommonEnv($env)) $envs .= '\'' . $env . '\', ';
+    $envs = substr(json_encode(array_keys ($EnvConfigs)), 1, -1);
 
     $html = '<title>OneManager '.getconstStr('Setup').'</title>';
     if (isset($_POST['updateProgram'])&&$_POST['updateProgram']==getconstStr('updateProgram')) {
@@ -1127,7 +1104,7 @@ function EnvOpt($needUpdate = 0)
         $preurl = path_format($_SERVER['PHP_SELF'] . '/');
     }
     $html .= '
-<a href="'.$preurl.'">'.getconstStr('Back').'</a>&nbsp;&nbsp;&nbsp;<a href="'.$_SERVER['base_path'].'">'.getconstStr('Back').getconstStr('Home').'</a><br>
+<a href="'.$preurl.'">'.getconstStr('Back').'</a><br>
 <a href="https://github.com/qkqpttgf/OneManager-php">Github</a><br>';
 
     $html .= '
@@ -1137,11 +1114,12 @@ function EnvOpt($needUpdate = 0)
             <td colspan="2">'.getconstStr('PlatformConfig').'</td>
         </tr>';
     foreach ($EnvConfigs as $key => $val) if (isCommonEnv($key) && isShowedEnv($key)) {
-        if ($key=='timezone') {
-            $html .= '
+        $html .= '
         <tr>
             <td><label>' . $key . '</label></td>
-            <td width=100%>
+            <td width=100%>';
+        if ($key=='timezone') {
+            $html .= '
                 <select name="' . $key .'">';
             foreach (array_keys($timezones) as $zone) {
                 $html .= '
@@ -1149,15 +1127,10 @@ function EnvOpt($needUpdate = 0)
             }
             $html .= '
                 </select>
-                '.getconstStr('EnvironmentsDescription')[$key].'
-            </td>
-        </tr>';
+                ' . getconstStr('EnvironmentsDescription')[$key];
         } elseif ($key=='theme') {
             $theme_arr = scandir(__DIR__ . $slash . 'theme');
             $html .= '
-        <tr>
-            <td><label>' . $key . '</label></td>
-            <td width=100%>
                 <select name="' . $key .'">
                     <option value=""></option>';
             foreach ($theme_arr as $v1) {
@@ -1166,9 +1139,7 @@ function EnvOpt($needUpdate = 0)
             }
             $html .= '
                 </select>
-                '.getconstStr('EnvironmentsDescription')[$key].'
-            </td>
-        </tr>';
+                ' . getconstStr('EnvironmentsDescription')[$key];
         } /*elseif ($key=='domain_path') {
             $tmp = getConfig($key);
             $domain_path = '';
@@ -1182,13 +1153,13 @@ function EnvOpt($needUpdate = 0)
             <td width=100%><input type="text" name="' . $key .'" value="' . $domain_path . '" placeholder="' . getconstStr('EnvironmentsDescription')[$key] . '" style="width:100%"></td>
         </tr>';
         }*/ else $html .= '
-        <tr>
-            <td><label>' . $key . '</label></td>
-            <td width=100%><input type="text" name="' . $key .'" value="' . htmlspecialchars(getConfig($key)) . '" placeholder="' . getconstStr('EnvironmentsDescription')[$key] . '" style="width:100%"></td>
+                <input type="text" name="' . $key . '" value="' . htmlspecialchars(getConfig($key)) . '" placeholder="' . getconstStr('EnvironmentsDescription')[$key] . '" style="width:100%">';
+        $html .= '
+            </td>
         </tr>';
     }
     $html .= '
-        <tr><td><input type="submit" name="submit1" value="'.getconstStr('Setup').'"></td></tr>
+        <tr><td><input type="submit" name="submit1" value="' . getconstStr('Setup') . '"></td></tr>
     </form>
 </table><br>';
     $disktags = explode('|', getConfig('disktag'));
@@ -1249,7 +1220,7 @@ function EnvOpt($needUpdate = 0)
         }
         envs = [' . $envs . '];
         if (envs.indexOf(t.disktag_sort.value)>-1) {
-            alert("Do not input ' . $envs . '");
+            alert(\'Do not input ' . $envs . '\');
             return false;
         }
         return true;
@@ -1276,21 +1247,21 @@ function EnvOpt($needUpdate = 0)
     <tr>
         <td>
             <form action="" method="post" style="margin: 0" onsubmit="return deldiskconfirm(this);">
-                <input type="hidden" name="disktag_del" value="'.$disktag.'">
-                <input type="submit" name="submit1" value="'.getconstStr('DelDisk').'">
-            </form>
-        </td>
-        <td>
-            <form action="" method="post" style="margin: 0" onsubmit="return renametag(this);">
-                <input type="hidden" name="disktag_rename" value="'.$disktag.'">
-                <input type="text" name="disktag_newname" value="'.$disktag.'" placeholder="' . getconstStr('EnvironmentsDescription')['disktag'] . '">
-                <input type="submit" name="submit1" value="'.getconstStr('RenameDisk').'">
+                <input type="hidden" name="disktag_del" value="' . $disktag . '">
+                <input type="submit" name="submit1" value="' . getconstStr('DelDisk') . '">
             </form>
             <form action="" method="post" style="margin: 0">
                 <input type="hidden" name="disktag_copy" value="' . $disktag . '">
                 <input type="submit" name="submit1" value="' . getconstStr('CopyDisk') . '">
             </form>
         </td>
+        <td>
+            <form action="" method="post" style="margin: 0" onsubmit="return renametag(this);">
+                <input type="hidden" name="disktag_rename" value="' . $disktag . '">
+                <input type="text" name="disktag_newname" value="' . $disktag . '" placeholder="' . getconstStr('EnvironmentsDescription')['disktag'] . '">
+                <input type="submit" name="submit1" value="' . getconstStr('RenameDisk') . '">
+            </form>
+        </td>
     </tr>
     <tr>
         <td>Driver</td>
@@ -1306,13 +1277,13 @@ function EnvOpt($needUpdate = 0)
 
             if ($diskok) {
                 $html .= '
-    <form name="'.$disktag.'" action="" method="post">
-        <input type="hidden" name="disk" value="'.$disktag.'">';
+    <form name="' . $disktag . '" action="" method="post">
+        <input type="hidden" name="disk" value="' . $disktag . '">';
                 foreach ($EnvConfigs as $key => $val) if (isInnerEnv($key) && isShowedEnv($key)) {
                     $html .= '
         <tr>
             <td><label>' . $key . '</label></td>
-            <td width=100%><input type="text" name="' . $key .'" value="' . getConfig($key, $disktag) . '" placeholder="' . getconstStr('EnvironmentsDescription')[$key] . '" style="width:100%"></td>
+            <td width=100%><input type="text" name="' . $key . '" value="' . getConfig($key, $disktag) . '" placeholder="' . getconstStr('EnvironmentsDescription')[$key] . '" style="width:100%"></td>
         </tr>';
                 }
                 $html .= '
@@ -1321,7 +1292,7 @@ function EnvOpt($needUpdate = 0)
             } else {
                 $html .= '
     <tr>
-        <td colspan="2">Please add this disk again.</td>
+        <td colspan="2">' . $disk_tmp->error['body'] . '</td>
     </tr>';
             }
             $html .= '
@@ -1369,17 +1340,17 @@ function EnvOpt($needUpdate = 0)
     }
     if (!$canOneKeyUpate) {
         $html .= '
-'.getconstStr('CannotOneKeyUpate').'<br>';
+' . getconstStr('CannotOneKeyUpate') . '<br>';
     } else {
         $html .= '
 <form name="updateform" action="" method="post">
     <input type="text" name="auth" size="6" placeholder="auth" value="qkqpttgf">
     <input type="text" name="project" size="12" placeholder="project" value="OneManager-php">
-    <button name="QueryBranchs" onclick="querybranchs();return false;">'.getconstStr('QueryBranchs').'</button>
+    <button name="QueryBranchs" onclick="querybranchs();return false;">' . getconstStr('QueryBranchs') . '</button>
     <select name="branch">
         <option value="master">master</option>
     </select>
-    <input type="submit" name="updateProgram" value="'.getconstStr('updateProgram').'">
+    <input type="submit" name="updateProgram" value="' . getconstStr('updateProgram') . '">
 </form>
 <script>
     function deldiskconfirm(t) {
@@ -1389,7 +1360,7 @@ function EnvOpt($needUpdate = 0)
     }
     function renametag(t) {
         if (t.disktag_newname.value==\'\') {
-            alert(\''.getconstStr('DiskTag').'\');
+            alert(\'' . getconstStr('DiskTag') . '\');
             return false;
         }
         if (t.disktag_newname.value==t.disktag_rename.value) {
@@ -1397,12 +1368,12 @@ function EnvOpt($needUpdate = 0)
         }
         envs = [' . $envs . '];
         if (envs.indexOf(t.disktag_newname.value)>-1) {
-            alert("Do not input ' . $envs . '");
+            alert(\'Do not input ' . $envs . '\');
             return false;
         }
         var reg = /^[a-zA-Z]([_a-zA-Z0-9]{1,20})$/;
         if (!reg.test(t.disktag_newname.value)) {
-            alert(\''.getconstStr('TagFormatAlert').'\');
+            alert(\'' . getconstStr('TagFormatAlert') . '\');
             return false;
         }
         return true;
@@ -1413,7 +1384,6 @@ function EnvOpt($needUpdate = 0)
         var xhr = new XMLHttpRequest();
         xhr.open("GET", "https://api.github.com/repos/"+document.updateform.auth.value+"/"+document.updateform.project.value+"/branches");
         //xhr.setRequestHeader("User-Agent","qkqpttgf/OneManager");
-        xhr.send(null);
         xhr.onload = function(e){
             console.log(xhr.responseText+","+xhr.status);
             if (xhr.status==200) {
@@ -1430,6 +1400,7 @@ function EnvOpt($needUpdate = 0)
         xhr.onerror = function(e){
             alert("Network Error "+xhr.status);
         }
+        xhr.send(null);
     }
 </script>
 ';
@@ -2426,6 +2397,6 @@ function render_list($path = '', $files = [])
 
     $tmp = splitfirst($html, '</title>');
     $html = $tmp[0] . '</title>' . $authinfo . $tmp[1];
-    if (isset($_SERVER['Set-Cookie'])) return output($html, $statusCode, [ 'Set-Cookie' => $_SERVER['Set-Cookie'], 'Content-Type' => 'text/html' ]);
+    //if (isset($_SERVER['Set-Cookie'])) return output($html, $statusCode, [ 'Set-Cookie' => $_SERVER['Set-Cookie'], 'Content-Type' => 'text/html' ]);
     return output($html, $statusCode);
 }
diff --git a/conststr.php b/conststr.php
index c42966e..35d8a5c 100644
--- a/conststr.php
+++ b/conststr.php
@@ -93,6 +93,7 @@ $constStr = [
             'customScript' => '<script> in all pages, e.g. http turn to https',
             'customCss' => '<style> in <head>',
             'customTheme' => 'an url of html',
+            'referrer' => 'only these domains can refer resourse in this site, format is a1.com|b2.com',
             'domain_path' => 'more custom domain, format is a1.com:/dirto/path1|b2.com:/path2',
             'diskname' => 'The disk name you want show.',
             'disktag' => 'A tag used in store config and url.',
@@ -119,6 +120,7 @@ $constStr = [
             'customScript' => '<script>，在所有页都会存在,例如放一个http跳转https',
             'customCss' => '<style>，在<head>最后面',
             'customTheme' => 'html格式的主题的url',
+            'referrer' => '只有这些域名能引用本站资源。格式为a1.com|b1.com',
             'domain_path' => '使用多个自定义域名时，指定每个域名看到的目录。格式为a1.com:/dirto/path1|b1.com:/path2，比private_path优先。',
             'diskname' => '这个盘你想显示什么名称。',
             'disktag' => '一个标签，用于保存配置，多盘时会显示在url中。',
@@ -145,6 +147,7 @@ $constStr = [
             'customScript' => '<script>，在所有頁都會存在,例如放一個http跳轉https',
             'customCss' => '<style>，在<head>最後面',
             'customTheme' => 'html格式的主題的url',
+            'referrer' => '',
             'domain_path' => '使用多個自訂域名時，指定每個域名看到的目錄。格式為a1.com:/dirto/path1|b1.com:/path2，比private_path優先。',
             'diskname' => '這個盤你想顯示什麼名稱。',
             'disktag' => '一個標籤，用於儲存配置，多盤時會顯示在url中。',
@@ -170,6 +173,7 @@ $constStr = [
             'customScript' => '＜script＞は、すべてのページに存在します。例えば、httpを置いてhttpsをジャンプします。',
             'customCss' => '＜style＞は、＜head＞の一番後ろにあります。',
             'customTheme' => 'htmlフォーマットのテーマのurl',
+            'referrer' => '',
             'domain_path' => '複数のドメイン名を使用する場合、ドメイン名ごとに見られるディレクトリを指定します。フォーマットはa 1.com:/dirto/path 1.com:/path 2で、prvate_path優先。',
             'diskname' => 'このディスクの名前を表示したいですか？',
             'disktag' => '一つのラベルは保存配置に使い、複数のディスクはurlに表示されます。',
@@ -195,6 +199,7 @@ $constStr = [
             'customScript' => '< script > 은 모든 페이지 에 존재 합 니 다. 예 를 들 어 http 을 하나 넣 고 https 로 이동 합 니 다.',
             'customCss' => '< 스타일 >, < 헤드 > 맨 뒤에',
             'customTheme' => 'html 형식의 테마 url',
+            'referrer' => '',
             'domain_path' => '도 메 인 이름 을 여러 개 사용자 정의 할 때 도 메 인 이름 마다 보 이 는 디 렉 터 리 를 지정 합 니 다.형식 은 a1. com: / dirto / path 1 | b1. com: / path 2, privatepath 우선.',
             'diskname' => '이 접시 에 당신 은 어떤 명칭 을 표시 하고 싶 습 니까?',
             'disktag' => '디스크가 여러 개인 경우 구성을 저장하는 데 사용되는 레이블이 url에 표시됩니다.',
@@ -216,6 +221,7 @@ $constStr = [
         'fa' => [
             'admin' => 'رمز عبور ادمین، در صورت خالی بودن دکمه لاگین به نمایش در نمی‌آید',
             'adminloginpage' => 'در صورت تنظیم ، دکمه ورود نمایش داده نمی شود و صفحه ورود دیگر \?admin\ نیست بلکه \?{مقدار ورودی شما}\ است.',
+            'referrer' => '',
             'domain_path' => 'تنظیم دامنه سفارشی، به صورت a1.com:/dirto/path1|b2.com:/path2',
             'diskname' => 'نام دیسک که می‌خواهید نشان دهید.',
             'disktag' => 'تگی که در ذخیره پیکربندی و نشانی اینترنتی استفاده می‌شود.',
@@ -234,6 +240,7 @@ $constStr = [
             'customScript' => 'في جميع الصفحات ، على سبيل المثال ، وضع النص المتشعب القفز HTTPS',
             'customCss' => '<style>，في الجزء الخلفي من',
             'customTheme' => 'أتش تي أم أل شكل عنوان الموضوع',
+            'referrer' => '',
             'domain_path' => 'عند استخدام العديد من أسماء النطاقات المخصصة ، حدد الدليل الذي يرى كل اسم النطاق   هذا هو القانون ؛   بات اولا',
             'diskname' => 'ما اسم هذا القرص الذي تريد أن تظهر ؟',
             'disktag' => 'العلامة التي تستخدم لحفظ التكوين ، يتم عرضها في عناوين المواقع عند تعدد الأقراص',
diff --git a/platform/AliyunFC.php b/platform/AliyunFC.php
index 634c9c0..d5b40e3 100644
--- a/platform/AliyunFC.php
+++ b/platform/AliyunFC.php
@@ -28,12 +28,6 @@ function GetGlobalVariable($event)
         $pos = strpos($cookievalues,"=");
         $_COOKIE[urldecode(substr($cookievalues,0,$pos))]=urldecode(substr($cookievalues,$pos+1));
     }
-    if (isset($event['headers']['Authorization'])) {
-        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['Authorization'][0], 'Basic ')[1]), ':');
-        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
-        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
-    }
-    $_SERVER['FC_SERVER_PATH'] = '/var/fc/runtime/php7.2';
 }
 
 function GetPathSetting($event, $context)
@@ -57,6 +51,17 @@ function GetPathSetting($event, $context)
     $_SERVER['PHP_SELF'] = path_format($_SERVER['base_path'] . $path);
     $_SERVER['REMOTE_ADDR'] = $event['clientIP'];
     $_SERVER['HTTP_X_REQUESTED_WITH'] = $event['headers']['X-Requested-With'][0];
+    if (isset($event['headers']['Authorization'])) {
+        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['Authorization'][0], 'Basic ')[1]), ':');
+        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
+        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
+    }
+    $_SERVER['HTTP_HOST'] = $event['headers']['Host'][0];
+    $_SERVER['REQUEST_SCHEME'] = $event['headers']['X-Forwarded-Proto'][0];
+    $_SERVER['host'] = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'];
+    //if ($_SERVER['HTTP_REFERER']!='') 
+    $_SERVER['referhost'] = explode('/', $event['headers']['Referer'][0])[2];
+    $_SERVER['FC_SERVER_PATH'] = '/var/fc/runtime/php7.2';
     return $path;
 }
 
diff --git a/platform/BaiduCFC.php b/platform/BaiduCFC.php
index 66555fa..4e16c2b 100644
--- a/platform/BaiduCFC.php
+++ b/platform/BaiduCFC.php
@@ -26,14 +26,6 @@ function GetGlobalVariable($event)
         $pos = strpos($cookievalues,"=");
         $_COOKIE[urldecode(substr($cookievalues,0,$pos))]=urldecode(substr($cookievalues,$pos+1));
     }
-    $_SERVER['HTTP_USER_AGENT'] = $event['headers']['User-Agent'];
-    if (isset($event['headers']['authorization'])) {
-        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['authorization'], 'Basic ')[1]), ':');
-        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
-        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
-    }
-    $_SERVER['HTTP_TRANSLATE'] = $event['headers']['translate'];//'f'
-    $_SERVER['BCE_CFC_RUNTIME_NAME'] = 'php7';
 }
 
 function GetPathSetting($event, $context)
@@ -47,6 +39,19 @@ function GetPathSetting($event, $context)
     $_SERVER['PHP_SELF'] = path_format($_SERVER['base_path'] . $path);
     $_SERVER['REMOTE_ADDR'] = $event['requestContext']['sourceIp'];
     $_SERVER['HTTP_X_REQUESTED_WITH'] = $event['headers']['X-Requested-With'];
+    $_SERVER['HTTP_USER_AGENT'] = $event['headers']['User-Agent'];
+    if (isset($event['headers']['authorization'])) {
+        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['authorization'], 'Basic ')[1]), ':');
+        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
+        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
+    }
+    $_SERVER['HTTP_HOST'] = $event['headers']['Host'];
+    $_SERVER['REQUEST_SCHEME'] = $event['headers']['X-Forwarded-Proto'];
+    $_SERVER['host'] = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'];
+    //if ($_SERVER['HTTP_REFERER']!='') 
+    $_SERVER['referhost'] = explode('/', $event['headers']['Referer'])[2];
+    $_SERVER['HTTP_TRANSLATE'] = $event['headers']['translate'];//'f'
+    $_SERVER['BCE_CFC_RUNTIME_NAME'] = 'php7';
     return $path;
 }
 
diff --git a/platform/Heroku.php b/platform/Heroku.php
index a152ffd..ea76364 100644
--- a/platform/Heroku.php
+++ b/platform/Heroku.php
@@ -4,6 +4,9 @@ function getpath()
 {
     $_SERVER['firstacceptlanguage'] = strtolower(splitfirst(splitfirst($_SERVER['HTTP_ACCEPT_LANGUAGE'],';')[0],',')[0]);
     $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
+    $_SERVER['REQUEST_SCHEME'] = $_SERVER['HTTP_X_FORWARDED_PROTO'];
+    $_SERVER['host'] = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'];
+    $_SERVER['referhost'] = explode('/', $_SERVER['HTTP_REFERER'])[2];
     $_SERVER['base_path'] = path_format(substr($_SERVER['SCRIPT_NAME'], 0, -10) . '/');
     $p = strpos($_SERVER['REQUEST_URI'],'?');
     if ($p>0) $path = substr($_SERVER['REQUEST_URI'], 0, $p);
diff --git a/platform/HuaweiFG_env.php b/platform/HuaweiFG_env.php
index 6d57da3..c10fbf3 100644
--- a/platform/HuaweiFG_env.php
+++ b/platform/HuaweiFG_env.php
@@ -39,14 +39,6 @@ function GetGlobalVariable($event)
         $pos = strpos($cookievalues,"=");
         $_COOKIE[urldecode(substr($cookievalues,0,$pos))]=urldecode(substr($cookievalues,$pos+1));
     }
-    $_SERVER['HTTP_USER_AGENT'] = $event['headers']['user-agent'];
-    if (isset($event['headers']['authorization'])) {
-        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['authorization'], 'Basic ')[1]), ':');
-        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
-        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
-    }
-    $_SERVER['HTTP_TRANSLATE'] = $event['headers']['translate'];//'f'
-    $_SERVER['_APP_SHARE_DIR'] = '/var/share/CFF/processrouter';
 }
 
 function GetPathSetting($event, $context)
@@ -69,6 +61,18 @@ function GetPathSetting($event, $context)
     $_SERVER['PHP_SELF'] = path_format($_SERVER['base_path'] . $path);
     $_SERVER['REMOTE_ADDR'] = $event['headers']['x-real-ip'];
     $_SERVER['HTTP_X_REQUESTED_WITH'] = $event['headers']['x-requested-with'];
+    $_SERVER['HTTP_USER_AGENT'] = $event['headers']['user-agent'];
+    if (isset($event['headers']['authorization'])) {
+        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['authorization'], 'Basic ')[1]), ':');
+        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
+        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
+    }
+    $_SERVER['REQUEST_SCHEME'] = $event['headers']['x-forwarded-proto'];
+    $_SERVER['host'] = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'];
+    //if ($_SERVER['HTTP_REFERER']!='') 
+    $_SERVER['referhost'] = explode('/', $event['headers']['referer'])[2];
+    $_SERVER['HTTP_TRANSLATE'] = $event['headers']['translate'];//'f'
+    $_SERVER['_APP_SHARE_DIR'] = '/var/share/CFF/processrouter';
     return $path;
 }
 
diff --git a/platform/HuaweiFG_file.php b/platform/HuaweiFG_file.php
index 4600d3a..21e4e62 100644
--- a/platform/HuaweiFG_file.php
+++ b/platform/HuaweiFG_file.php
@@ -39,14 +39,6 @@ function GetGlobalVariable($event)
         $pos = strpos($cookievalues,"=");
         $_COOKIE[urldecode(substr($cookievalues,0,$pos))]=urldecode(substr($cookievalues,$pos+1));
     }
-    $_SERVER['HTTP_USER_AGENT'] = $event['headers']['user-agent'];
-    if (isset($event['headers']['authorization'])) {
-        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['authorization'], 'Basic ')[1]), ':');
-        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
-        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
-    }
-    $_SERVER['HTTP_TRANSLATE'] = $event['headers']['translate'];//'f'
-    $_SERVER['_APP_SHARE_DIR'] = '/var/share/CFF/processrouter';
 }
 
 function GetPathSetting($event, $context)
@@ -69,6 +61,18 @@ function GetPathSetting($event, $context)
     $_SERVER['PHP_SELF'] = path_format($_SERVER['base_path'] . $path);
     $_SERVER['REMOTE_ADDR'] = $event['headers']['x-real-ip'];
     $_SERVER['HTTP_X_REQUESTED_WITH'] = $event['headers']['x-requested-with'];
+    $_SERVER['HTTP_USER_AGENT'] = $event['headers']['user-agent'];
+    if (isset($event['headers']['authorization'])) {
+        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['authorization'], 'Basic ')[1]), ':');
+        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
+        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
+    }
+    $_SERVER['REQUEST_SCHEME'] = $event['headers']['x-forwarded-proto'];
+    $_SERVER['host'] = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'];
+    //if ($_SERVER['HTTP_REFERER']!='') 
+    $_SERVER['referhost'] = explode('/', $event['headers']['referer'])[2];
+    $_SERVER['HTTP_TRANSLATE'] = $event['headers']['translate'];//'f'
+    $_SERVER['_APP_SHARE_DIR'] = '/var/share/CFF/processrouter';
     return $path;
 }
 
diff --git a/platform/Normal.php b/platform/Normal.php
index 82621fe..49f0a69 100644
--- a/platform/Normal.php
+++ b/platform/Normal.php
@@ -4,6 +4,9 @@ function getpath()
 {
     $_SERVER['firstacceptlanguage'] = strtolower(splitfirst(splitfirst($_SERVER['HTTP_ACCEPT_LANGUAGE'],';')[0],',')[0]);
     if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
+    $_SERVER['host'] = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'];
+    //if ($_SERVER['HTTP_REFERER']!='') 
+    $_SERVER['referhost'] = explode('/', $_SERVER['HTTP_REFERER'])[2];
     if (isset($_SERVER['DOCUMENT_ROOT'])&&$_SERVER['DOCUMENT_ROOT']==='/app') $_SERVER['base_path'] = '/';
     else $_SERVER['base_path'] = path_format(substr($_SERVER['SCRIPT_NAME'], 0, -10) . '/');
     if (isset($_SERVER['UNENCODED_URL'])) $_SERVER['REQUEST_URI'] = $_SERVER['UNENCODED_URL'];
diff --git a/platform/TencentSCF_env.php b/platform/TencentSCF_env.php
index badc89d..a3a8247 100644
--- a/platform/TencentSCF_env.php
+++ b/platform/TencentSCF_env.php
@@ -23,14 +23,6 @@ function GetGlobalVariable($event)
         $pos = strpos($cookievalues,"=");
         $_COOKIE[urldecode(substr($cookievalues,0,$pos))]=urldecode(substr($cookievalues,$pos+1));
     }
-    $_SERVER['HTTP_USER_AGENT'] = $event['headers']['user-agent'];
-    if (isset($event['headers']['authorization'])) {
-        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['authorization'], 'Basic ')[1]), ':');
-        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
-        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
-    }
-    $_SERVER['HTTP_TRANSLATE']==$event['headers']['translate'];//'f'
-    $_SERVER['USER'] = 'qcloud';
 }
 
 function GetPathSetting($event, $context)
@@ -54,6 +46,17 @@ function GetPathSetting($event, $context)
     $_SERVER['PHP_SELF'] = path_format($_SERVER['base_path'] . $path);
     $_SERVER['REMOTE_ADDR'] = $event['requestContext']['sourceIp'];
     $_SERVER['HTTP_X_REQUESTED_WITH'] = $event['headers']['x-requested-with'];
+    $_SERVER['HTTP_USER_AGENT'] = $event['headers']['user-agent'];
+    if (isset($event['headers']['authorization'])) {
+        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['authorization'], 'Basic ')[1]), ':');
+        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
+        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
+    }
+    $_SERVER['REQUEST_SCHEME'] = $event['headers']['x-forwarded-proto'];
+    $_SERVER['host'] = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'];
+    $_SERVER['referhost'] = explode('/', $event['headers']['referer'])[2];
+    $_SERVER['HTTP_TRANSLATE']==$event['headers']['translate'];//'f'
+    $_SERVER['USER'] = 'qcloud';
     return $path;
 }
 
diff --git a/platform/TencentSCF_file.php b/platform/TencentSCF_file.php
index c68069a..e8b8f9e 100644
--- a/platform/TencentSCF_file.php
+++ b/platform/TencentSCF_file.php
@@ -23,14 +23,6 @@ function GetGlobalVariable($event)
         $pos = strpos($cookievalues,"=");
         $_COOKIE[urldecode(substr($cookievalues,0,$pos))]=urldecode(substr($cookievalues,$pos+1));
     }
-    $_SERVER['HTTP_USER_AGENT'] = $event['headers']['user-agent'];
-    if (isset($event['headers']['authorization'])) {
-        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['authorization'], 'Basic ')[1]), ':');
-        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
-        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
-    }
-    $_SERVER['HTTP_TRANSLATE']==$event['headers']['translate'];//'f'
-    $_SERVER['USER'] = 'qcloud';
 }
 
 function GetPathSetting($event, $context)
@@ -54,6 +46,17 @@ function GetPathSetting($event, $context)
     $_SERVER['PHP_SELF'] = path_format($_SERVER['base_path'] . $path);
     $_SERVER['REMOTE_ADDR'] = $event['requestContext']['sourceIp'];
     $_SERVER['HTTP_X_REQUESTED_WITH'] = $event['headers']['x-requested-with'];
+    $_SERVER['HTTP_USER_AGENT'] = $event['headers']['user-agent'];
+    if (isset($event['headers']['authorization'])) {
+        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['authorization'], 'Basic ')[1]), ':');
+        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
+        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
+    }
+    $_SERVER['REQUEST_SCHEME'] = $event['headers']['x-forwarded-proto'];
+    $_SERVER['host'] = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'];
+    $_SERVER['referhost'] = explode('/', $event['headers']['referer'])[2];
+    $_SERVER['HTTP_TRANSLATE']==$event['headers']['translate'];//'f'
+    $_SERVER['USER'] = 'qcloud';
     return $path;
 }