magento2: Add to Cart Form wrong Form Key in FPC

When the page initially loads the formkey that is placed on the page is cached between independent requests. This is not an issue if the entire page loads before the “Add to Cart” button is pressed, however if the Add to Cart is clicked before the Javascript has fully initialized (and therefore the form is actually posted via a standard POST HTTP request) then the formkey that is sent in the form data does not match the users session and the product is not added to the cart.

Preconditions

1. Magento CE 2.2.2 with sample data installed
2. Full Page Cache enabled
3. Redirect to cart on “Add to Cart” set to yes in configuration (Sales>Checkout>Shopping Cart)

Steps to reproduce

1. Open a browser window and navigate to a product page.
2. View the page source and search for the formkey that is part of product_addtocartform form (form id)
3. Note the form_key down
4. Open an incognito window and navigate to the same product page
5. View the page source again and search for the form_key field

Expected result

1. The two form_key values should be different

Actual result

1. The two form_key values are the same (meaning the second one is wrong as it will not match the cookie)

Additional information

• detailed explanation https://github.com/magento/magento2/issues/13746#issuecomment-368062429
• confirmed for 2.4-develop https://github.com/magento/magento2/issues/13746#issuecomment-570216197