Breakpoints on Chrome DevTools for node won’t work

I’m trying to debug a node app with Chrom DevTools. Here is the instruction that I followed:
Instruction

In brief I do this:
1- Run my app with command line npm start
2- Run the inspector with command node --inspect-brk app.js
3- Open chrome://inspect I see the following view:

enter image description here

4- click on “Open dedicated DevTools for node” link
5- I see thatit shows the files under (no domain) folder not (file:///) like bellow

enter image description here

When I ping the service with postman, breakpoints will not pause the app. What am I doing wrong here?

Chrome fails to download response body if HTTP status is an error code

I have a Node.js Express web server that returns an HTTP response JSON payload along with an error status (4xx or 5xx) when something goes wrong.

res.status(500).json({ error: 'message' });

From the Chrome browser developer console’s Timing section, I can see a lot of time (up to 5 minutes) spent in the “Content Download” segment and ultimately I am getting “Failed to load response data” in the Response section after download fails.

Chrome developer console timing output

Other browsers like Firefox and Opera are able to successfully download the JSON payload successfully and display them in their respective developer consoles.

If I send back the HTTP status as 200, Chrome has no trouble downloading the payload.

Also, if I do not set the Cache-Control HTTP headers to “no-store, no cache…”, Chrome is able to successfully download the payload with 4xx/5xx status. However, I would like to set this header as a good practice against cache misuse.

HTTP Response Headers in the success and failure case

Is there something specific I need to do for Chrome?

Thank you!

jwt: Why is my token shown in Chrome DevTools?

I have a API in Express.js that will create blog posts and add them to my database. When I make a request from my React app inside of DevTools it will show my JWT. I am worried that when my site goes live people can see my token and make a request from their site to add unwanted posts. Please tell me what is going on and how I can prevent the security error.