GTable · Jjiggu · Aug 26, 2025 · Aug 26, 2025 · Aug 26, 2025 · Aug 26, 2025
diff --git a/...in-api/src/main/java/com/nowait/applicationadmin/menu/controller/MenuImageController.java b/...in-api/src/main/java/com/nowait/applicationadmin/menu/controller/MenuImageController.java
@@ -65,8 +65,8 @@ public ResponseEntity<?> uploadMenuImage(
 		description = "특정 메뉴 이미지 ID에 해당하는 이미지를 삭제합니다."
 	)
 	@ApiResponse(responseCode = "200", description = "메뉴 이미지 삭제 성공")
-	public ResponseEntity<?> deleteMenuImage(@PathVariable Long id) {
-		menuImageService.delete(id);
+	public ResponseEntity<?> deleteMenuImage(@PathVariable Long menuImageId) {
+		menuImageService.delete(menuImageId);
 		return ResponseEntity
 			.status(
 				HttpStatus.OK

diff --git a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/config/security/CorsConfig.java b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/config/security/CorsConfig.java
@@ -19,10 +19,9 @@ public CorsConfigurationSource corsConfigurationSource() {
 		config.setAllowedMethods(List.of("GET", "POST", "PATCH", "PUT", "DELETE", "OPTIONS")); // 메서드 허용
 		config.setAllowedHeaders(List.of("*")); //클라이언트가 보낼 수 있는 헤더
 		config.setExposedHeaders(List.of("Authorization")); //클라이언트(브라우저)가 접근할 수 있는 헤더 지정
-		config.setAllowCredentials(true); // 쿠키 포함 허용
 
 		UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-		source.registerCorsConfiguration("/**", config); //** 뜻은 모든 URL 경로에 적용한다는 의미
+		source.registerCorsConfiguration("/**", config); // 모든 URL 경로에 적용한다는 의미
 		return source;
 	}
 }
diff --git a/...app-user-api/src/main/java/com/nowait/applicationuser/config/security/SecurityConfig.java b/...app-user-api/src/main/java/com/nowait/applicationuser/config/security/SecurityConfig.java
@@ -12,6 +12,7 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 import org.springframework.web.cors.CorsConfigurationSource;
 
 import com.nowait.applicationuser.oauth.oauth2.CustomOAuth2UserService;
@@ -37,7 +38,12 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
 			.cors(cors -> cors.configurationSource(corsConfigurationSource))
 			// CSRF 방어 기능 비활성화 (jwt 토큰을 사용할 것이기에 필요없음)
-			.csrf(AbstractHttpConfigurer::disable)
+			.csrf(csrf -> csrf
+				.ignoringRequestMatchers(
+					"/api/**", "/login/**", "/oauth2/**",
+					"/swagger-ui/**", "/v3/api-docs/**", "/orders/**")
+				.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
+			)
 			// 시큐리티 폼 로그인 비활성화
 			.formLogin(AbstractHttpConfigurer::disable)
 			// HTTP Basic 인증 비활성화
@@ -50,9 +56,8 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 					userInfoEndpoint.userService(customOAuth2UserService)
 				).successHandler(oAuth2LoginSuccessHandler)
 			)
-			// 세션 사용하지 않음
 			.sessionManagement(session ->
-				session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+				session.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
 			)
 			.authorizeHttpRequests(auth -> auth
 				.requestMatchers(

diff --git a/...p-user-api/src/main/java/com/nowait/applicationuser/order/controller/OrderController.java b/...p-user-api/src/main/java/com/nowait/applicationuser/order/controller/OrderController.java
@@ -20,6 +20,7 @@
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpSession;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
@@ -55,8 +56,13 @@ public ResponseEntity<?> createOrder(
 	public ResponseEntity<?> getOrderItems(
 		@PathVariable Long storeId,
 		@PathVariable Long tableId,
-		HttpSession session
+		HttpServletRequest request
 	) {
+		HttpSession session = request.getSession(false);
+		if (session == null) {
+			// 프론트가 먼저 부트스트랩 안 했거나, 쿠키가 안 붙은 케이스
+			return ResponseEntity.status(HttpStatus.OK).body(ApiUtils.success(List.of()));
+		}
 		String sessionId = session.getId();
 		List<OrderResponseDto> orderItems = orderService.getOrderItemsGroupByOrderId(storeId, tableId, sessionId);
 		return ResponseEntity.

diff --git a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/order/service/OrderService.java b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/order/service/OrderService.java
@@ -116,11 +116,6 @@ public List<OrderResponseDto> getOrderItemsGroupByOrderId(
 	}
 
 
-
-
-
-
-
 	private static void parameterValidation(Long storeId, Long tableId, OrderCreateRequestDto orderCreateRequestDto) {
 		if (storeId == null || tableId == null || orderCreateRequestDto == null) {
 				throw new OrderParameterEmptyException();
-Original file line number
+Diff line change
@@ Expand Up / @@ -116,11 +116,6 @@ public List<OrderResponseDto> getOrderItemsGroupByOrderId( @@
     	}
     	private static void parameterValidation(Long storeId, Long tableId, OrderCreateRequestDto orderCreateRequestDto) {
     		if (storeId == null || tableId == null || orderCreateRequestDto == null) {
     				throw new OrderParameterEmptyException();
@@ Expand Down @@