What you're trying to protect yourself against here is CSRF (Cross Site Request Forgery) and not MITM.
Once you switch to https a MITM attack is virtually impossible and adding items to a cart typically doesn't require CSRF protection (unlike the payment action itself). Make sure to also read XSS & CSRF: Practical explotation of post-authentication vulnerabilities.
However, if a malicious person manages to position themselves in between the user and your site before you switch to https, they would be able to rewrite your shop links as well, but without using https; it would then be up to your users to be vigilant about the lock icon in the address bar.