diff --git a/base/web/render.go b/base/web/render.go
index 3aeaeb77..14da0005 100644
--- a/base/web/render.go
+++ b/base/web/render.go
@@ -46,6 +46,7 @@ func Render(m *ice.Message, cmd string, args ...ice.Any) bool {
 	if cmd != "" && cmd != ice.RENDER_DOWNLOAD {
 		defer func() { m.Logs("Render", cmd, args) }()
 	}
+	m.W.Header().Add("Access-Control-Allow-Origin", "http://localhost:9020")
 	switch cmd {
 	case COOKIE: // value [name [path [expire]]]
 		RenderCookie(m, arg[0], arg[1:]...)
@@ -144,6 +145,9 @@ func RenderResult(m *ice.Message, arg ...ice.Any) {
 	Render(m, ice.RENDER_RESULT, arg...)
 	m.Render(ice.RENDER_VOID)
 }
+func RenderTemplate(m *ice.Message, file string, arg ...ice.Any) {
+	m.RenderResult(kit.Renders(kit.Format(m.Cmdx(nfs.CAT, path.Join(ice.SRC_TEMPLATE, WEB, file)), arg...), m))
+}
 
 func CookieName(url string) string {
 	return ice.MSG_SESSID + "_" + kit.ReplaceAll(kit.ParseURLMap(url)[tcp.PORT], ".", "_", ":", "_")
diff --git a/data.go b/data.go
index abe1f7fe..1512036f 100644
--- a/data.go
+++ b/data.go
@@ -17,6 +17,9 @@ func (m *Message) CommandKey() string {
 func (m *Message) PrefixKey(arg ...Any) string {
 	return kit.Keys(m.Prefix(m.CommandKey()), kit.Keys(arg...))
 }
+func (m *Message) PrefixPath(arg ...Any) string {
+	return strings.TrimPrefix(strings.ReplaceAll(kit.Keys(m.Prefix(m.CommandKey()), kit.Keys(arg...)), PT, PS), "web")
+}
 func (m *Message) Prefix(arg ...string) string {
 	return m.Target().PrefixKey(arg...)
 }
diff --git a/misc/git/token.go b/misc/git/token.go
index cfe4a43f..c383840d 100644
--- a/misc/git/token.go
+++ b/misc/git/token.go
@@ -24,38 +24,34 @@ func init() {
 	Index.MergeCommands(ice.Commands{
 		TOKEN: {Name: "token username auto prunes", Actions: ice.MergeActions(ice.Actions{
 			ice.CTX_INIT: {Hand: func(m *ice.Message, arg ...string) { aaa.White(m, kit.Keys(TOKEN, SID)) }},
-			web.PP(SET): {Hand: func(m *ice.Message, arg ...string) {
-				list := []string{m.Option(TOKEN)}
+			web.P(SET): {Hand: func(m *ice.Message, arg ...string) {
+				host, list := kit.Dict(), []string{m.Option(TOKEN)}
 				m.Cmd(nfs.CAT, kit.HomePath(FILE), func(line string) {
-					kit.If(line != list[0], func() { list = append(list, line) })
+					kit.IfNoKey(host, kit.ParseURL(line).Host, func(p string) { list = append(list, line) })
 				})
 				m.Cmd(nfs.SAVE, kit.HomePath(FILE), strings.Join(list, ice.NL)+ice.NL)
-				m.RenderResult(m.Cmdx(nfs.CAT, ice.SRC_TEMPLATE+"web/close.html"))
+				web.RenderTemplate(m, "close.html")
 			}},
 			web.PP(GET): {Hand: func(m *ice.Message, arg ...string) {
 				m.Cmd(nfs.CAT, kit.HomePath(FILE), func(text string) {
-					if strings.HasSuffix(text, ice.AT+arg[0]) {
-						u := kit.ParseURL(text)
-						if p, ok := u.User.Password(); ok {
-							m.Echo(u.User.Username()).Echo(p)
-							m.W.Header().Add("Access-Control-Allow-Origin", u.Scheme+"://"+arg[0])
-						}
+					if u := kit.ParseURL(text); u.Host == arg[0] {
+						m.Echo(u.User.Username()).Echo(u.User.Password())
+						m.W.Header().Add("Access-Control-Allow-Origin", u.Scheme+"://"+u.Host)
 					}
 				})
 			}},
 			web.PP(SID): {Hand: func(m *ice.Message, arg ...string) {
 				if len(arg) > 1 && m.Cmd(TOKEN, arg[0]).Append(TOKEN) == arg[1] {
-					web.RenderCookie(m, aaa.SessCreate(m, arg[0]))
-					m.Echo(ice.OK)
+					web.RenderCookie(m.Echo(ice.OK), aaa.SessCreate(m, arg[0]))
 				}
 			}},
 		}, mdb.HashAction(mdb.EXPIRE, mdb.MONTH, mdb.SHORT, aaa.USERNAME, mdb.FIELD, "time,username,token")), Hand: func(m *ice.Message, arg ...string) {
 			if mdb.HashSelect(m, arg...); len(arg) > 0 && m.Length() > 0 {
 				p := strings.Replace(m.Option(ice.MSG_USERHOST), "://", kit.Format("://%s:%s@", m.Option(ice.MSG_USERNAME), m.Append(TOKEN)), 1)
-				m.EchoScript(p).EchoScript(nfs.Template(m, "echo.sh", strings.Replace(m.Option(ice.MSG_USERHOST), "://", kit.Format("://%s:%s@", m.Option(ice.MSG_USERNAME), m.Append(TOKEN)), 1)))
-				m.EchoAnchor(kit.MergeURL2(m.Option(tcp.HOST), "/code/git/token/set/", TOKEN, p))
-				if strings.Contains(m.Option(ice.MSG_USERWEB), "/chat/cmd/web.code.git.token") {
-					m.ProcessReplace(kit.MergeURL2(m.Option(tcp.HOST), "/code/git/token/set/", TOKEN, p))
+				if m.EchoScript(p).EchoScript(nfs.Template(m, "echo.sh", p)); m.Option(ice.CMD) == m.PrefixKey() {
+					m.ProcessReplace(kit.MergeURL2(m.Option(tcp.HOST), m.PrefixPath(SET), TOKEN, p))
+				} else {
+					m.EchoAnchor(kit.MergeURL2(m.Option(tcp.HOST), m.PrefixPath(SET), TOKEN, p))
 				}
 			}
 		}},