diff --git a/scripts/hap/auth_retry.py b/scripts/hap/auth_retry.py
index c3b7b3b..17afbe4 100644
--- a/scripts/hap/auth_retry.py
+++ b/scripts/hap/auth_retry.py
@@ -121,13 +121,13 @@ def hap_web_post(
 
     # proxies={} 绕过系统代理，避免 www.mingdao.com 连接超时
     kwargs.setdefault("proxies", {})
-    resp = requests.post(url, headers=headers, **kwargs)
+    resp = requests.post(url, headers=headers, **kwargs, timeout=10.0)
     if resp.status_code == 401:
         print(f"[auth_retry] 检测到 401（POST {url}），正在自动刷新认证后重试...")
         if refresh_auth(auth_path):
             account_id, authorization, cookie = load_web_auth(auth_path)
             headers = _build_headers(account_id, authorization, cookie, referer, extra_headers)
-            resp = requests.post(url, headers=headers, **kwargs)
+            resp = requests.post(url, headers=headers, **kwargs, timeout=10.0)
         else:
             print("[auth_retry] 认证刷新失败，返回原始 401 响应")
 
@@ -149,13 +149,13 @@ def hap_web_get(
 
     # proxies={} 绕过系统代理，避免 www.mingdao.com 连接超时
     kwargs.setdefault("proxies", {})
-    resp = requests.get(url, headers=headers, **kwargs)
+    resp = requests.get(url, headers=headers, **kwargs, timeout=10.0)
     if resp.status_code == 401:
         print(f"[auth_retry] 检测到 401（GET {url}），正在自动刷新认证后重试...")
         if refresh_auth(auth_path):
             account_id, authorization, cookie = load_web_auth(auth_path)
             headers = _build_headers(account_id, authorization, cookie, referer, extra_headers)
-            resp = requests.get(url, headers=headers, **kwargs)
+            resp = requests.get(url, headers=headers, **kwargs, timeout=10.0)
         else:
             print("[auth_retry] 认证刷新失败，返回原始 401 响应")