From f0dbb25757b8e2a568b01cf16065fa1610ea8432 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EA=B6=8C=ED=98=81=EC=84=B1?= <shine1324@gmail.com>
Date: Mon, 26 Jan 2026 20:36:43 +0900
Subject: [PATCH] =?UTF-8?q?fix:=EB=A9=94=EB=89=B4=EB=8F=99=EA=B8=B0?=
 =?UTF-8?q?=ED=99=94=20API=20CSRF=20=EC=98=88=EC=99=B8=20=EC=B6=94?=
 =?UTF-8?q?=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bootstrap/app.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/bootstrap/app.php b/bootstrap/app.php
index 5cc15bb9..afb18a8f 100644
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@@ -21,6 +21,11 @@
             'password.changed' => \App\Http\Middleware\EnsurePasswordChanged::class,
         ]);
 
+        // CSRF 토큰 검증 예외 (외부 API 호출용)
+        $middleware->validateCsrfTokens(except: [
+            'menu-sync/*',
+        ]);
+
         // auth 미들웨어 그룹에 HQ 검증 추가
         $middleware->appendToGroup('web', [
             // 기본 web 미들웨어에는 추가하지 않음 (auth에서만 적용)