Bug Description
When running shopify theme dev, POST requests to /cart/add fail with:
- 401 Unauthorized (empty body)
- 403 Forbidden (HTML response:
<!DOCTYPE ...)
The response to /cart/add includes an unusual Clear-Site-Data header, which appears to be terminating the session and causing the 401 → 403 cascade.
GET requests work normally. The cart works correctly when accessing the store via the preview URL (?preview_theme_id=).
Environment
- CLI version: 3.94.3
- Store: emaus-7331.myshopify.com
- Development theme ID: 181626339439
- OS: macOS
Steps to Reproduce
- Run
shopify theme dev --store emaus-7331.myshopify.com
- Open the local preview at
127.0.0.1
- Try to add a product to the cart
- Observe POST /cart/add returning 401 (empty body) then 403 (HTML)
Already Tried
- Updated CLI from 3.92.1 to 3.94.3
shopify auth logout + shopify auth login + restarted dev server- Cleared all CLI cache at
~/Library/Preferences/shopify-cli-*
- Disabled store password protection
- Problem persists in all cases
Expected Behavior
POST /cart/add should return a JSON response with cart data.
Actual Behavior
Returns 401 (empty body) then 403 (HTML with <!DOCTYPE) with Clear-Site-Data header on the response.
Bug Description
When running
shopify theme dev, POST requests to/cart/addfail with:<!DOCTYPE ...)The response to
/cart/addincludes an unusualClear-Site-Dataheader, which appears to be terminating the session and causing the 401 → 403 cascade.GET requests work normally. The cart works correctly when accessing the store via the preview URL (
?preview_theme_id=).Environment
Steps to Reproduce
shopify theme dev --store emaus-7331.myshopify.com127.0.0.1Already Tried
shopify auth logout+shopify auth login+ restarted dev server~/Library/Preferences/shopify-cli-*Expected Behavior
POST /cart/add should return a JSON response with cart data.
Actual Behavior
Returns 401 (empty body) then 403 (HTML with
<!DOCTYPE) withClear-Site-Dataheader on the response.