Revert "Fix 401 Unauthorized on cart AJAX endpoints during shopify theme dev"#6975
Revert "Fix 401 Unauthorized on cart AJAX endpoints during shopify theme dev"#6975EvilGenius13 wants to merge 2 commits intomainfrom
shopify theme dev"#6975Conversation
This comment has been minimized.
This comment has been minimized.
Coverage report
Test suite run success3791 tests passing in 1462 suites. Report generated by 🧪jest coverage report action from 5dd39d0 |
![binks-code-reviewer[bot]](https://avatars.githubusercontent.com/in/2788732?s=60&v=4){kind=small}
| // Only include Authorization for theme dev, not theme-extensions | ||
| if (ctx.type === 'theme') { | ||
| baseHeaders.Authorization = `Bearer ${ctx.session.storefrontToken}` | ||
| } |
There was a problem hiding this comment.
Bearer token sent to cart/checkout/account endpoints again (regression to 401s)
proxyStorefrontRequest now always adds Authorization: Bearer ${ctx.session.storefrontToken} for ctx.type === 'theme', regardless of path. The reverted logic previously excluded cart/checkout/account because those endpoints rely on session-cookie auth; sending a Bearer token can cause SFR to select token auth that lacks cart scopes, reintroducing 401/auth failures during theme dev (e.g., /cart/add.js, /cart/update.js, /cart.js, /cart.json, /cart/change.js, /cart, /checkouts/..., /account/logout, other account routes).
|
🤖 Code Review · #projects-dev-ai for questions ✅ Complete - 1 findings 📋 History✅ 1 findings |
EvilGenius13
force-pushed
the
revert-6839-kd-add-to-cart-bug
branch
from
3577896 to
5dd39d0
Compare
3 participants
Reverts #6839