diff --git a/src/modules/ws-proxy/proxy.ts b/src/modules/ws-proxy/proxy.ts
index 4016ff4..82f428f 100644
--- a/src/modules/ws-proxy/proxy.ts
+++ b/src/modules/ws-proxy/proxy.ts
@@ -5,6 +5,7 @@ import { App } from '@kevisual/router';
 import { logger } from '../logger.ts';
 import { getLoginUser } from '@/modules/auth.ts';
 import { createStudioAppListHtml } from '../html/studio-app-list/index.ts';
+import { omit } from 'es-toolkit';
 
 type ProxyOptions = {
   createNotFoundPage: (msg?: string) => any;
@@ -74,9 +75,12 @@ export const UserV1Proxy = async (req: IncomingMessage, res: ServerResponse, opt
     res.end(await html);
     return true;
   }
-  // const { token, cookies, ...rest } = data;
-  const value = await client.sendData(data, {
-    state: { tokenUser: loginUser.tokenUser },
+  let message: any = data;
+  if (!isAdmin) {
+    message = omit(data, ['token', 'cookies']);
+  }
+  const value = await client.sendData(message, {
+    state: { tokenUser: omit(loginUser.tokenUser, ['oauthExpand']) },
   });
   if (value) {
     res.writeHead(200, { 'Content-Type': 'application/json' });