diff --git a/yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/encrypt/core/filter/ApiEncryptResponseWrapper.java b/yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/encrypt/core/filter/ApiEncryptResponseWrapper.java
index 194e525c28..a7b38f7dba 100644
--- a/yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/encrypt/core/filter/ApiEncryptResponseWrapper.java
+++ b/yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/encrypt/core/filter/ApiEncryptResponseWrapper.java
@@ -42,16 +42,15 @@ public class ApiEncryptResponseWrapper extends HttpServletResponseWrapper {
         this.flushBuffer();
         byte[] body = byteArrayOutputStream.toByteArray();
 
-        // 2. 加密 body
-        String encryptedBody = symmetricEncryptor != null ? symmetricEncryptor.encryptBase64(body)
-                : asymmetricEncryptor.encryptBase64(body, KeyType.PublicKey);
-
-        // 3. 添加加密 header 标识（设置header要放在response的write之前）
+        // 2. 添加加密 header 标识
         this.addHeader(properties.getHeader(), "true");
         // 特殊：特殊：https://juejin.cn/post/6867327674675625992
         this.addHeader("Access-Control-Expose-Headers", properties.getHeader());
 
-        // 4. 输出加密后的 body
+        // 3.1 加密 body
+        String encryptedBody = symmetricEncryptor != null ? symmetricEncryptor.encryptBase64(body)
+                : asymmetricEncryptor.encryptBase64(body, KeyType.PublicKey);
+        // 3.2 输出加密后的 body：（设置 header 要放在 response 的 write 之前）
         response.getWriter().write(encryptedBody);
     }