A failure occurs. (This pattern is generic and worth giving a quick thought whenever someting goes wrong.)


Look around in the code that appears to cause the failure. – Are there any tools being used which you have introduced recently? Check their documentation to make sure you understand them fully. If you had an old tool that used to do the job, substitute it for the new tool temporarily and see if the failure goes away. If it does, proceed to Spot the differences.


Your client makes requests that mysteriously fail with a 401 Unauthorized. You look around and notice that the code involved uses the Fetch API for Ajax calls, rather than jQuery.ajax, which you've been using up to now.

You substitute jQuery.ajax for fetch and find that the failure goes away. Now you Spot the differences between the request headers and notice that fetch doesn't send X-CSRF-Token. Voilà.