From 60ab03601f7f99b0983f1cda2f77cf2444b83338 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EA=B6=8C=ED=98=81=EC=84=B1?=
Date: Thu, 29 Jan 2026 06:57:42 +0900
Subject: [PATCH] =?UTF-8?q?fix:=EB=8F=99=EA=B8=B0=ED=99=94=20=ED=8E=98?= =?UTF-8?q?=EC=9D=B4=EC=A7=80=20CSRF=20=EB=B0=8F=20=EC=9D=B8=EC=A6=9D=20?= =?UTF-8?q?=EB=AC=B8=EC=A0=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- CSRF 예외에 common-code-sync/*, category-sync/* 추가
- fetch 요청에 credentials: 'same-origin' 추가
- 메뉴 동기화 시 menu_id 파싱 방식 수정 (value → dataset.menuId)

Co-Authored-By: Claude Opus 4.5
---
 bootstrap/app.php | 2 ++
 resources/views/categories/sync.blade.php | 2 ++
 resources/views/common-codes/sync.blade.php | 2 ++
 resources/views/menus/sync.blade.php | 4 +++-
 4 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/bootstrap/app.php b/bootstrap/app.php
index f65416b7..ff80ee5e 100644
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@@ -24,6 +24,8 @@
 // CSRF 토큰 검증 예외 (외부 API 호출용)
 $middleware->validateCsrfTokens(except: [
 'menu-sync/*',
+ 'common-code-sync/*',
+ 'category-sync/*',
 ]);
 
 // web 미들웨어 그룹에 자동 재인증 추가
diff --git a/resources/views/categories/sync.blade.php b/resources/views/categories/sync.blade.php
index cf906050..f6914bea 100644
--- a/resources/views/categories/sync.blade.php
+++ b/resources/views/categories/sync.blade.php
@@ -350,6 +350,7 @@ function updateSelectedCount(side) {
 'X-CSRF-TOKEN': csrfToken,
 'Accept': 'application/json'
 },
+ credentials: 'same-origin',
 body: JSON.stringify({ env: selectedEnv, type: selectedType, category_keys: categoryKeys })
 });
 
@@ -388,6 +389,7 @@ function updateSelectedCount(side) {
 'X-CSRF-TOKEN': csrfToken,
 'Accept': 'application/json'
 },
+ credentials: 'same-origin',
 body: JSON.stringify({ env: selectedEnv, type: selectedType, category_keys: categoryKeys })
 });
 
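Review bot: The two new `except` entries in bootstrap/app.php switch off CSRF verification for everything under `common-code-sync/*` and `category-sync/*`, yet the sync views patched in this same commit call those features from the browser with the session cookie and an `X-CSRF-TOKEN` header, so the exemption appears to cover cookie-authenticated, state-changing requests rather than only the external API calls the comment describes. With the check off, the token the views send is never verified, and protection against a forged cross-site request rests on the session cookie's SameSite setting alone. If the token was being rejected, it is safer to fix the cause (stale or missing token, session not sent) and keep verification on, and to serve genuine server-to-server callers from a separate route group authenticated by an API key or signed request instead of the session. The routes are outside this diff, so please confirm which paths the views post to, and narrow the patterns to the exact external endpoints if an exemption has to stay; the existing `menu-sync/*` entry looks to be in the same position.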
diff --git a/resources/views/common-codes/sync.blade.php b/resources/views/common-codes/sync.blade.php
index ddaa2b46..7f3c3fa3 100644
--- a/resources/views/common-codes/sync.blade.php
+++ b/resources/views/common-codes/sync.blade.php
@@ -351,6 +351,7 @@ function updateSelectedCount(side) {
 'X-CSRF-TOKEN': csrfToken,
 'Accept': 'application/json'
 },
+ credentials: 'same-origin',
 body: JSON.stringify({ env: selectedEnv, type: selectedType, code_keys: codeKeys })
 });
 
@@ -389,6 +390,7 @@ function updateSelectedCount(side) {
 'X-CSRF-TOKEN': csrfToken,
 'Accept': 'application/json'
 },
+ credentials: 'same-origin',
 body: JSON.stringify({ env: selectedEnv, type: selectedType, code_keys: codeKeys })
 });
 
diff --git a/resources/views/menus/sync.blade.php b/resources/views/menus/sync.blade.php
index 08fb5454..4f864e45 100644
--- a/resources/views/menus/sync.blade.php
+++ b/resources/views/menus/sync.blade.php
@@ -381,7 +381,7 @@ function closeSettingsModal() {
 return;
 }
 
- const menuIds = Array.from(checkboxes).map(cb => cb.value);
+ const menuIds = Array.from(checkboxes).map(cb => parseInt(cb.dataset.menuId));
 
 if (!confirm(`${menuIds.length}개 메뉴를 ${selectedEnv === 'dev' ? '개발' : '운영'} 서버로 Push 하시겠습니까?`)) {
 return;
@@ -395,6 +395,7 @@ function closeSettingsModal() {
 'X-CSRF-TOKEN': csrfToken,
 'Accept': 'application/json'
 },
+ credentials: 'same-origin',
 body: JSON.stringify({ env: selectedEnv, menu_ids: menuIds })
 });
 
@@ -432,6 +433,7 @@ function closeSettingsModal() {
 'X-CSRF-TOKEN': csrfToken,
 'Accept': 'application/json'
 },
+ credentials: 'same-origin',
 body: JSON.stringify({ env: selectedEnv, menu_names: menuNames })
 });
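Review bot: `parseInt(cb.dataset.menuId)` in the first menus/sync.blade.php hunk yields `NaN` for any checkbox that lacks a `data-menu-id` attribute or carries a non-numeric one, and `JSON.stringify` serialises `NaN` as `null`, so `menu_ids` can reach the server containing nulls while the confirm dialog still counts those entries. Passing the radix and dropping invalid values keeps the payload clean: `const menuIds = Array.from(checkboxes).map(cb => Number.parseInt(cb.dataset.menuId, 10)).filter(Number.isInteger);`. The server-side push handler should still validate `menu_ids` as an array of existing integer ids, because this list is built entirely on the client and the route prefix is exempt from CSRF verification. That handler and the rest of the enclosing function are outside the hunk.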