Password visible in network tab for request to `signUp.email`

Hello,
I'm using Better Auth in tandem with Next.js and react-hook-form and I'm seeing that the password is a raw string in the request body, like in the attached image. Is this a concern? It seems like it could be a problem, but there's nothing in the docs about it so I'm wondering if this is an issue I should spend time on.

This is the relevant code, if that helps:

async function onSubmit(values: z.infer<typeof formSchema>) {
  if (values.password !== values.confirmPassword) {
    toast.message("Passwords do not match", {
      description: "Please check your passwords and try again.",
    });
    return;
  }

  await signUp.email({
    email: values.email,
    password: values.password,
    name: values.name,
    callbackURL: "/",
    fetchOptions: {
      onSuccess: () => {
        toast.success("You have successfully signed up.");
        redirect("/");
      },
      onResponse: () => {
        setLoading(false);
      },
      onRequest: () => {
        setLoading(true);
      },
      onError: (ctx) => {
        toast.error(ctx.error.message);
      },
    },
  });
}

async function onSubmit(values: z.infer<typeof formSchema>) {
  if (values.password !== values.confirmPassword) {
    toast.message("Passwords do not match", {
      description: "Please check your passwords and try again.",
    });
    return;
  }

  await signUp.email({
    email: values.email,
    password: values.password,
    name: values.name,
    callbackURL: "/",
    fetchOptions: {
      onSuccess: () => {
        toast.success("You have successfully signed up.");
        redirect("/");
      },
      onResponse: () => {
        setLoading(false);
      },
      onRequest: () => {
        setLoading(true);
      },
      onError: (ctx) => {
        toast.error(ctx.error.message);
      },
    },
  });
}

async function onSubmit(values: z.infer<typeof formSchema>) {
  if (values.password !== values.confirmPassword) {
    toast.message("Passwords do not match", {
      description: "Please check your passwords and try again.",
    });
    return;
  }

  await signUp.email({
    email: values.email,
    password: values.password,
    name: values.name,
    callbackURL: "/",
    fetchOptions: {
      onSuccess: () => {
        toast.success("You have successfully signed up.");
        redirect("/");
      },
      onResponse: () => {
        setLoading(false);
      },
      onRequest: () => {
        setLoading(true);
      },
      onError: (ctx) => {
        toast.error(ctx.error.message);
      },
    },
  });
}

async function onSubmit(values: z.infer<typeof formSchema>) {
  if (values.password !== values.confirmPassword) {
    toast.message("Passwords do not match", {
      description: "Please check your passwords and try again.",
    });
    return;
  }

  await signUp.email({
    email: values.email,
    password: values.password,
    name: values.name,
    callbackURL: "/",
    fetchOptions: {
      onSuccess: () => {
        toast.success("You have successfully signed up.");
        redirect("/");
      },
      onResponse: () => {
        setLoading(false);
      },
      onRequest: () => {
        setLoading(true);
      },
      onError: (ctx) => {
        toast.error(ctx.error.message);
      },
    },
  });
}

Solution

Not a problem at all, the server will take that password and hash it and stored it encrypted, have a look at any other sign in form the network tab is a log for that page of all requests made once the tab is reloaded the log is cleared.

Jump to solution

Password visible in network tab for request to `signUp.email`

Similar Threads

Similar Threads

Similar Threads