diff --git a/apps/authentication/utils.py b/apps/authentication/utils.py
index cb697c237..f6750a73d 100644
--- a/apps/authentication/utils.py
+++ b/apps/authentication/utils.py
@@ -34,7 +34,13 @@ def rsa_decrypt(cipher_text, rsa_private_key=None):
 if rsa_private_key is None:
 # rsa_private_key 为 None,可以能是API请求认证,不需要解密
 return cipher_text
+
 key = RSA.importKey(rsa_private_key)
 cipher = PKCS1_v1_5.new(key)
- message = cipher.decrypt(base64.b64decode(cipher_text.encode()), 'error').decode()
+ cipher_decoded = base64.b64decode(cipher_text.encode())
+ # Todo: 弄明白为何要以下这么写,https://xbuba.com/questions/57035263
+ if len(cipher_decoded) == 127:
+ hex_fixed = '00' + cipher_decoded.hex()
+ cipher_decoded = base64.b16decode(hex_fixed.upper())
+ message = cipher.decrypt(cipher_decoded, b'error').decode()
 return message
diff --git a/apps/jumpserver/views/other.py b/apps/jumpserver/views/other.py
index a0b386383..134d599a6 100644
--- a/apps/jumpserver/views/other.py
+++ b/apps/jumpserver/views/other.py
@@ -52,6 +52,7 @@ def redirect_format_api(request, *args, **kwargs):
 return JsonResponse({"msg": "Redirect url failed: {}".format(_path)}, status=404)
+@csrf_exempt
 def redirect_old_apps_view(request, *args, **kwargs):
 path = request.get_full_path()
 if path.find('/core') != -1:
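Review bot: The `len(cipher_decoded) == 127` branch hard-codes one case, a 1024-bit key whose ciphertext lost exactly one leading zero byte, so any other key size or a ciphertext short by two bytes still reaches `decrypt` at the wrong length. Left-padding to the modulus size covers all of these and drops the hex round-trip, e.g. `cipher_decoded = cipher_decoded.rjust(key.size_in_bytes(), b'\x00')` if the project is on PyCryptodome; otherwise `b'\x00' + cipher_decoded` at least removes the `b16decode` detour. Separately, the fixed `b'error'` sentinel means a failed decryption comes back as the string `error`, which the caller cannot tell apart from a real plaintext. A random sentinel compared after the call, with the failure handled explicitly, avoids that and also follows the usual PKCS#1 v1.5 guidance against leaking padding validity. The signature of `rsa_decrypt` is visible only in the hunk header.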
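Review bot: `@csrf_exempt` is added to `redirect_old_apps_view` without a comment saying why the exemption is safe, and the view's body continues past the end of the hunk, so it cannot be confirmed from here that it only redirects. I would add a line above the decorator such as `# CSRF-exempt: only redirects legacy URLs; the target view enforces CSRF on the follow-up request`, and keep the view free of any state change. The diff adds no import for `csrf_exempt` in this file, so presumably it is already imported; that is worth confirming, since otherwise the module fails at import time.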