Very strange behaviour of a post request using CLI vs Browser

Question

I am creating a very silly login system for a LAN.

I was so far just testing with CLI requests before writing the frontend.

Now I have both. I am logging the passwords on the other side, for example:

$: echo username=meeh&password=meeh | POST 127.0.0.1:3000/security/login
meeh
true

True is the comparison with a stored value in a database.

Now I go with the browser, no JS, just a form, and it logs this:

meeh
false

I also checked the Network tab, the post request is:

username=meeh&password=meeh

The form I use (I wrote it quite carefully so it is a bit long, but just username and password) is this one:

    <form 
    id="login" 
    enctype="application/x-www-form-urlencoded"  
    autocomplete="on" 
    class="form" >
      <!--username!...-->
      <div class="form_username">
        <p><label for="username">Username:</label></p>
          <input
            id="username"
            type="text"
            name="username"
            placeholder="Sergio"
            title="Single word (letters or numbers) with no spaces."
            pattern="\w{4,20}"
            minlength="4"
            maxlength="20"
            required
          />
          <small>Spaces are not allowed. The minimum length 4, the maximum 20
            characters.</small>
      </div>

      <!--password...-->
      <div class="form_password">
        <p><label for="password">Password:</label></p>

        <input
          id="password"
          type="password"
          name="password"
          placeholder="?my1password!"
          title="Include at least a special symbol a
number and a letter"
          pattern="[^\s]+"
          minlength="5"
          maxlength="20"
          required
        />
        <div class="form_seepwd">
        <input id='seepwd' type='checkbox'/>
        <span>See password</div>
        </div>
        <small>
          No spaces allowed. Minimum length 5, maximum 20 characters.
        </small>
      </div>
      <div class="form_submit">
      <input 
      formmethod="post"
      formaction="/security/login" 
      type="submit" 
      value="Login"/>
      </div>
    </form>

It is very weird to me, what do you think?

Answer 1

Funny thing, I logged a few values together, this is the output:

// POST using browser
meeh 4 false
//post using cli
meeh
 5 true

It seems that, for whatever reason, the registration using the command line adds a line break to the password!

I do not know why this happens. The moral may be that I should not forget that we can send POST requests in other ways than the browser, and we are not under control in those.

SO I am adding control in the server.