Is It Normal I Can See Clear Password In Request Payload With An Https Request?

- 1 answer

I was wondering if it was normal for me to see in the console, under network, my email and password clear in the login request?

I am currently making a login mechanism for a website and I wanted to go to the secure side. So I added https over my express server, and now my login requests are sent to https://localhost:PORT

I thought informations were encrypted before sent to the network. So I was surprise to see in the chrome's network monitor that both of my email and password were human readable...

Then I thought I did something wrong but when I went to another https website and logged in, the same append.

So my question is: are the informations encrypted afer logged in network monitor? Can't somebody steal these informations?

Thank you, I'm very new to this domain



Chrome's Network Monitor sits before the encryption step / after the decryption step.

HTTPS keeps data encrypted between the client and the server. It needs to be available in decrypted form on the client and the server.