Ad

Is It Normal I Can See Clear Password In Request Payload With An Https Request?

- 1 answer

I was wondering if it was normal for me to see in the console, under network, my email and password clear in the login request?

I am currently making a login mechanism for a website and I wanted to go to the secure side. So I added https over my express server, and now my login requests are sent to https://localhost:PORT

I thought informations were encrypted before sent to the network. So I was surprise to see in the chrome's network monitor that both of my email and password were human readable...

Then I thought I did something wrong but when I went to another https website and logged in, the same append.

So my question is: are the informations encrypted afer logged in network monitor? Can't somebody steal these informations?

Thank you, I'm very new to this domain

Ad

Answer

Chrome's Network Monitor sits before the encryption step / after the decryption step.

HTTPS keeps data encrypted between the client and the server. It needs to be available in decrypted form on the client and the server.

Ad
source: stackoverflow.com
Ad