26.3. POST Form Submission

26.3.1. Form Submission Using POST

Instead of using GET and query parameters to submit form data, we can use POST. To submit a form using a POST request, set the form’s method attribute to "POST". Form data submitted via POST will be submitted in the body of the HTTP request. Data submitted by GET requests is less secure than POST because GET request URLs and the query parameters are cached and logged, possibly leaking sensitive data.

Example

Form with method="POST"

<form action="" method="POST">
   <label>Username <input type="text" name="username"></label>
   <label>Team Name <input type="text" name="team"></label>
   <button>Submit</button>
</form>

26.3.2. Send Form Submission to a Server

The action and method attributes allow us to choose where the form request will be sent and what type of request will be sent. How do we configure what happens in response to a form submission?

Form handlers are web server actions that receive, inspect, and process requests. They then send a response to the client. For this unit we are going to use form handlers that have already been created for us.

Example

When submitted, this form will send a POST request to the form handler defined by the action attribute.

1
2
3
4
5
<form action="https://handlers.education.launchcode.org/request-parrot" method="POST">
   <label>Username <input type="text" name="username"></label>
   <label>Team Name <input type="text" name="team"></label>
   <button>Submit</button>
</form>

Try It!

  1. Open an example form that uses POST in a browser.

  2. Open the network tab of the developer tools

  3. Check “Persist Logs” in the network tab. (“Preserve Logs” in Chrome or Safari)

Screen shot of firefox browser with form loaded and network tab open.

Firefox browser with form loaded, network tab open, and Persist logs checked

  1. Enter data into the inputs

    • Type tracking into Username input

    • Type Requests into Team Name input

  2. Click Submit button

Web page showing submitted values and the entries in network tab.

Firefox browser with request handler loaded and network tab showing requests If you are not using Firefox, you will have a differnt output. Find the 200 POST request and click on it. If in Chrome, select Headers and scroll through this entire window for the rest of this demo.

  1. Inspect the data sent in the POST request

POST request highlighted with Params tab open showing Form data.

POST request highlighted with Params tab open showing Form data

Warning

Using POST for form submissions adds a very low level of security. Using HTTPS instead of HTTP adds a higher level of security. Configuring HTTPS is beyond the scope of this class.

26.3.3. Check Your Understanding

Question

What attribute on <form> determines if the form is submitted with GET or POST?

Question

What attribute on <form> determines where the request is sent?