Skip to content

Revert "Fix 401 Unauthorized on cart AJAX endpoints during shopify theme dev"#6975

Merged
EvilGenius13 merged 2 commits intomainfrom
revert-6839-kd-add-to-cart-bug
Mar 13, 2026
Merged

Revert "Fix 401 Unauthorized on cart AJAX endpoints during shopify theme dev"#6975
EvilGenius13 merged 2 commits intomainfrom
revert-6839-kd-add-to-cart-bug

Conversation

@EvilGenius13
Copy link
Contributor

@EvilGenius13 EvilGenius13 commented Mar 11, 2026

Reverts #6839

@EvilGenius13 EvilGenius13 requested review from a team as code owners March 11, 2026 14:12
@github-actions

This comment has been minimized.

Sign in to view
@github-actions
Copy link
Contributor

github-actions bot commented Mar 11, 2026
edited
Loading

Coverage report

St.
 Category Percentage Covered / Total
🟡 Statements 77.21% 14539/18830
🟡 Branches 70.86% 7206/10170
🟡 Functions 76.2% 3697/4852
🟡 Lines 78.71% 13747/17465

Test suite run success

3791 tests passing in 1462 suites.

Report generated by 🧪jest coverage report action from 5dd39d0

binks-code-reviewer[bot]
binks-code-reviewer bot reviewed Mar 11, 2026
View reviewed changes
packages/theme/src/cli/utilities/theme-environment/proxy.ts
// Only include Authorization for theme dev, not theme-extensions
if (ctx.type === 'theme') {
baseHeaders.Authorization = `Bearer ${ctx.session.storefrontToken}`
}
Copy link

@binks-code-reviewer binks-code-reviewer bot Mar 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bearer token sent to cart/checkout/account endpoints again (regression to 401s)

proxyStorefrontRequest now always adds Authorization: Bearer ${ctx.session.storefrontToken} for ctx.type === 'theme', regardless of path. The reverted logic previously excluded cart/checkout/account because those endpoints rely on session-cookie auth; sending a Bearer token can cause SFR to select token auth that lacks cart scopes, reintroducing 401/auth failures during theme dev (e.g., /cart/add.js, /cart/update.js, /cart.js, /cart.json, /cart/change.js, /cart, /checkouts/..., /account/logout, other account routes).

@binks-code-reviewer
Copy link

binks-code-reviewer bot commented Mar 11, 2026

🤖 Code Review · #projects-dev-ai for questions
React with 👍/👎 or reply — all feedback helps improve the agent.

Complete - 1 findings

📋 History

✅ 1 findings

@karreiro karreiro mentioned this pull request Mar 12, 2026
Merged
@EvilGenius13 EvilGenius13 force-pushed the revert-6839-kd-add-to-cart-bug branch from 3577896 to 5dd39d0 Compare March 12, 2026 19:20
@EvilGenius13 EvilGenius13 added this pull request to the merge queue Mar 13, 2026
Merged via the queue into main with commit c0efc0f Mar 13, 2026
26 checks passed
@EvilGenius13 EvilGenius13 deleted the revert-6839-kd-add-to-cart-bug branch March 13, 2026 15:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@binks-code-reviewer binks-code-reviewer[bot] binks-code-reviewer[bot] left review comments

@graygilmore graygilmore graygilmore approved these changes

@karreiro karreiro karreiro approved these changes

@isaacroldan isaacroldan isaacroldan approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@EvilGenius13 @graygilmore @karreiro @isaacroldan