Internet & ToolsChatGPT wrote a beautiful fetch call. The code looks correct, proper URL, proper headers, proper JSONWhat is json?A text format for exchanging data between systems. It uses key-value pairs and arrays, and every programming language can read and write it. body. But the component shows "Loading..." forever, or the data comes back empty, or you get a cryptic error. The code is not the problem; the HTTPWhat is http?The protocol browsers and servers use to exchange web pages, API data, and other resources, defining how requests and responses are formatted. request is. And the only way to see what actually happened over the wire is the Network panel.
Every APIWhat is api?A set of rules that lets one program talk to another, usually over the internet, by sending requests and getting responses. interaction AI generates is a black box until you open the Network panel and see what the browser actually sent and what the server actually returned.
Reading the request list
Every row in the Network panel represents one HTTPWhat is http?The protocol browsers and servers use to exchange web pages, API data, and other resources, defining how requests and responses are formatted. request. The columns give you an immediate overview:
| Column | What it shows | What to check for AI code |
|---|---|---|
| Name | Endpoint path | Did AI use the right URL? |
| Status | HTTP status code | Is it 200 or an error code? |
| Type | Resource type (fetch, xhr, script) | Filter to Fetch/XHR for API calls |
| Initiator | What triggered the request | Which file and line made this call? |
| Size | Bytes transferred | Is the response empty (0 B)? |
| Time | Total request duration | Is the server responding at all? |
| Waterfall | Visual timeline of the request | Where is the time being spent? |
Click "Fetch/XHR" in the filter bar to show only APIWhat is api?A set of rules that lets one program talk to another, usually over the internet, by sending requests and getting responses. calls. This immediately hides all static assets (images, stylesheets, scripts) and lets you focus on the requests AI generated.
HTTPWhat is http?The protocol browsers and servers use to exchange web pages, API data, and other resources, defining how requests and responses are formatted. status codes, what they mean for your AI code
When an AI-generated fetch call fails, the status codeWhat is status code?A three-digit number in an HTTP response that tells the client what happened: 200 means success, 404 means not found, 500 means the server broke. tells you exactly what went wrong.
| Status | Meaning | Common AI mistake |
|---|---|---|
| 200 | Success | No problem, check the response body shape |
| 201 | Created | POST worked, but AI might not handle this differently from 200 |
| 400 | Bad Request | AI sent malformed JSON or missing required fields |
| 401 | Unauthorized | AI forgot to include the auth token or session cookie |
| 403 | Forbidden | Auth token is present but lacks permission, wrong scope or role |
| 404 | Not Found | AI used the wrong endpoint URL or wrong HTTP method |
| 422 | Unprocessable | Request shape is wrong, field names or types don't match API spec |
| 429 | Too Many Requests | AI code is calling the API in a tight loop without throttling |
| 500 | Server Error | Not your fault, but AI might be sending data that crashes the server |
// Copilot generated this - but it returns 401
const response = await fetch('/api/users', {
method: 'GET',
headers: {
'Content-Type': 'application/json'
// BUG: Copilot forgot the Authorization header!
}
});Inspecting a request in detail
Click any request to open a detail pane with several tabs:
Headers tab
Shows the request method, URL, status codeWhat is status code?A three-digit number in an HTTP response that tells the client what happened: 200 means success, 404 means not found, 500 means the server broke., and all headers. This is where you check for:
- Missing
Authorizationheader (most common AI mistake) - Wrong
Content-Type(AI sendstext/plaininstead ofapplication/json) - CORSWhat is cors?Cross-Origin Resource Sharing - a browser security rule that blocks web pages from making requests to a different domain unless that domain explicitly allows it. errors (missing
Access-Control-Allow-Originin response headers)
Request Headers (what your browser sent):
Authorization: Bearer eyJhbG... ← Is this present? Is the token valid?
Content-Type: application/json ← Is this correct for the API?
Response Headers (what the server returned):
Access-Control-Allow-Origin: * ← Is CORS configured?
Set-Cookie: session=abc123 ← Is the session being set?PayloadWhat is payload?The data sent in the body of an HTTP request, such as the JSON object you include when creating a resource through a POST request. tab
Shows the body of the request, the JSONWhat is json?A text format for exchanging data between systems. It uses key-value pairs and arrays, and every programming language can read and write it. you sent in a POST or PUT. If the APIWhat is api?A set of rules that lets one program talk to another, usually over the internet, by sending requests and getting responses. is rejecting your request, compare what you sent against what the API expects.
// ChatGPT generated this POST body
// But the API expects "email", not "mail"
{
"name": "Alice",
"mail": "alice@example.com" // Wrong field name!
}Preview and Response tabs
Preview shows the response body formatted and syntax-highlighted. Response shows the raw text. If the server returned an error message, it is here, often with specific details about what was wrong.
Timing tab
Breaks down where the time was spent:
| Phase | What it means | If it's slow... |
|---|---|---|
| Queueing | Waiting for a free connection | Too many parallel requests |
| DNS Lookup | Resolving hostname to IP | First request to a new domain |
| Initial connection | TCP handshake | Normal for first request |
| SSL | TLS negotiation | Normal for HTTPS, ~50-100ms |
| Waiting (TTFB) | Server processing time | Backend is slow, not a frontend issue |
| Content download | Receiving the response body | Response is too large, paginate |
Debugging CORSWhat is cors?Cross-Origin Resource Sharing - a browser security rule that blocks web pages from making requests to a different domain unless that domain explicitly allows it. errors
CORS errors are one of the most common problems with AI-generated fetch calls. The browser blocks the request, the Console shows a red error, and the Network panel shows the request as failed.
Access to fetch at 'https://api.example.com/users' from origin
'http://localhost:3000' has been blocked by CORS policy:
No 'Access-Control-Allow-Origin' header is present.In the Network panel, look for a preflight OPTIONS request that appears before your actual request. If the OPTIONS request fails or is missing the right headers, the real request never fires.
// Claude generated this fetch - but it triggers CORS
// because it added a custom header
const response = await fetch('https://api.example.com/users', {
headers: {
'X-Custom-Header': 'value' // This triggers a CORS preflight
}
});
// Fix: remove custom headers, or configure CORS on the serverCopying and replaying requests
Right-clicking any request gives you options for extracting and replaying it:
# "Copy as cURL" gives you something like:
curl 'https://api.example.com/users' \
-H 'Authorization: Bearer eyJ...' \
-H 'Content-Type: application/json' \
--data '{"page":1,"limit":20}'Paste that directly into your terminalWhat is terminal?A text-based interface where you type commands to interact with your computer. Also called the command line or shell. to replay the request with all original headers and cookies. This removes the browser as a variable and lets you test the APIWhat is api?A set of rules that lets one program talk to another, usually over the internet, by sending requests and getting responses. independently.
"Copy as fetch" gives you the same request formatted as JavaScript you can paste into the Console and run directly, useful for testing modifications to the request.
Quick reference
| Task | Where to look | What to check |
|---|---|---|
| API call not working | Network → Fetch/XHR filter | Status code, request URL |
| Auth failing | Headers tab → Request Headers | Is Authorization header present? |
| Wrong data returned | Preview/Response tab | Does the shape match what AI expects? |
| Request body wrong | Payload tab | Do field names match the API spec? |
| Slow response | Timing tab | Is TTFB high (server) or download slow (payload size)? |
| CORS error | Console + Network | Look for failed OPTIONS preflight request |
| Reproduce outside browser | Right-click → Copy as cURL | Test in terminal without browser |