diff --git a/account/api.py b/account/api.py
index f5f9bc7..0c40b7f 100644
--- a/account/api.py
+++ b/account/api.py
@@ -7,6 +7,11 @@ from .models import User
 router = Router()
 
 
+@router.get("/")
+def account(request):
+    return {"message": "success"}
+
+
 @router.post("/register")
 def user_register(request, payload: UserRegistrationSchema):
     if User.objects.filter(username=payload.username).exists():
diff --git a/api/settings.py b/api/settings.py
index 41ae2b4..8b59275 100644
--- a/api/settings.py
+++ b/api/settings.py
@@ -21,7 +21,7 @@ BASE_DIR = Path(__file__).resolve().parent.parent
 # See https://docs.djangoproject.com/en/5.1/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = os.getenv("SECRET_KEY")
+SECRET_KEY = os.environ.get("SECRET_KEY")
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = False
@@ -130,5 +130,9 @@ DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
 
 AUTH_USER_MODEL = "account.User"
 
-CORS_ALLOWED_ORIGINS = ["http://localhost:8098", "https://web.xuyue.cc"]
+CORS_ALLOWED_ORIGINS = [
+    "http://localhost:3000",
+    "http://localhost:8081",
+    "https://web.xuyue.cc",
+]
 CORS_ALLOW_CREDENTIALS = True