[Bug]: Cart actions via traditional HTTP requests fail with 401: Unauthorized or assume Content-Type: application/json

[mrpunkin]

Please confirm that you have:

• Searched existing issues to see if your issue is a duplicate. (If you’ve found a duplicate issue, feel free to add additional information in a comment on it.)
• Reproduced the issue in the latest CLI version.

In which of these areas are you experiencing a problem?

Theme

Expected behavior

• Clicking a link such as <a href="{{ item.url_to_remove }}">Remove</a> should call /cart/change and redirect to the cart with the item removed.
• Submitting a form such as <form action="{{ routes.cart_url }}" method="post"> using an <input type="submit" value="Update cart"> input should update cart quantities related to any <input type="text" name="updates[]" value="{{ item.quantity }}"> field.
• Submitting same form with an <input type="submit" name="checkout" value="Checkout"> input should redirect to checkout.

Actual behavior

• Clicking removal link indeed generates the request GET /cart/change?id=39899581939793:2faddffe8529a720f321d8925ac87b40&quantity=0 according to the CLI output, however it responds with 401: Unauthorized.
• When submitting form using update input JSON is returned and an "application/json" Content-Type used.
• When submitting form using checkout input a request to /checkout is made but fails with a 401 as well.

Verbose output

Request clicking remove link

GET /cart/change?id=39899581939793:2faddffe8529a720f321d8925ac87b40&quantity=0
2024-09-19T23:59:10.288Z: → Rendering https://mystore.myshopify.com/cart/change?_fd=0&pb=0&id=39899581939793%3A2faddffe8529a720f321d8925ac87b40&quantity=0 (with )...
2024-09-19T23:59:10.535Z: Request to https://mystore.myshopify.com/cart/change?_fd=0&pb=0&id=39899581939793%3A2faddffe8529a720f321d8925ac87b40&quantity=0 completed in 247 ms
With response headers:

• content-type: text/html
• server-timing: processing;dur=61, cfRequestDuration;dur=197.999954
• x-request-id: f8b4ace1-d1e8-4e09-954d-1435b31424ea-1726790350

2024-09-19T23:59:10.536Z: ← 401 (request_id: f8b4ace1-d1e8-4e09-954d-1435b31424ea-1726790350)

Submit form with checkout button

GET /checkout?locale=en
2024-09-20T00:14:41.989Z: → Rendering https://mystore.myshopify.com/checkout?_fd=0&pb=0&locale=en (with )...
2024-09-20T00:14:42.215Z: Request to https://mystore.myshopify.com/checkout?_fd=0&pb=0&locale=en completed in 226 ms
With response headers:

• content-type: text/html
• server-timing: processing;dur=29, cfRequestDuration;dur=195.000172
• x-request-id: 2ba13314-526a-4c69-9281-f08b162b18da-1726791282

2024-09-20T00:14:42.216Z: ← 401 (request_id: 2ba13314-526a-4c69-9281-f08b162b18da-1726791282)

Reproduction steps

1. Build a /cart page with simple HTML form, quantity inputs and removal links in accordance with the documentation at https://shopify.dev/docs/storefronts/themes/architecture/templates/cart
2. Try and use the cart interactions without any JS / AJAX
3. See that cart actions don't work as expected

Operating System

MacOS Sonoma 14.7

Shopify CLI version (check your project's package.json if you're not sure)

3.67.0

Shell

zsh

Node version (run node -v if you're not sure)

v22.7.0

What language and version are you using in your application?

Liquid, HTML, JS

[mrpunkin]

Just wanted to comment and share that this all works as expected if I run shopify theme dev --legacy