-1

I'm working on nodejs api where I need to pass username and password in post request url at params with axios package, for example: http://someUrl:5000/oauth/token?client_id=clusterName&username=johndoe&password=password

I have an issue when i'm passing password with # at the beggining, what i'm getting is: http://someUrl:5000/oauth/token?client_id=clusterName&username=johndoe&password=

the url sliced after the # character , when i'm passing # in middle of the password all works fine, thanks for your help

Zoe
  • 27,060
  • 21
  • 118
  • 148
arikbi
  • 55
  • 6
  • Please visit [help], take [tour] to see what and [ask]. Do some research, search for related topics on SO; if you get stuck, post a [mcve] of your attempt, noting input and expected output. – mplungjan Mar 26 '20 at 08:18
  • Use the request body to pass credentials, doing so over a query string like this is completely insecure and can be read in the clear even over TLS. – sovemp Jul 29 '21 at 15:46
  • But to answer your question, as the answer says the part after the `#` is a fragment and is not parsed as party of the query string parameters. The fragment is typically used for hyperlink anchors and routing in SPA applications. – sovemp Jul 29 '21 at 15:47

1 Answers1

0

String after hash is different part of url and it's called fragment. So it cannot be part of query params. See this response: What are fragment URLs and why to use them?

In your case it's better to use payload to send user's credentials instead of query parameters.

Marek Szkudelski
  • 1,102
  • 4
  • 11