The challenge says:
In these kind of requests, the data doesn’t appear in the URL, it is hidden in the request body. This is a part of the HTML request, also called payload. Since HTML is text-based, even if you don’t see the data, it doesn’t mean that it is secret.
It should be “HTTP request”, not “HTML request”.
Also I don’t get the point in the third sentence “Since HTML is text-based, even if you don’t see the data, it doesn’t mean that it is secret”. What does HTML being text-based have to do with not seeing the data from a POST request? The response to an HTTP request doesn’t even necessarily have to be HTML, or even text-based. None of the examples up to this point has the response been HTML, but JSON. And how does HTML being text-based and not being able to see the data being sent in the request relate to the data being “secret” and why is that important?
Your browser information:
User Agent is:
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.119 Safari/537.36.
Challenge: Use body-parser to Parse POST Requests
Link to the challenge: