I am trying to pass some query params to my http function in Firebase in a secure way. My params are not really sensitive like passwords, etc, they are some booleans, etc that determines logic server side.

When I try a simple <form> with method GET or PUT the res.query shows the values not when I use POST.

  <form id="form" action="https://us-central1-***.cloudfunctions.net/myfuncName" 
   method="post">
  <input type="text" name="id" value="test">
  </form>

I submit the form in Javascript by

this.getElementById("form").submit();

in my function I have :

function(req, res) {
    const param = req.query;
    console.log('query param is ' , param); //{} when form method is POST 
}

I expect to be able to get id from res.query in my function but I get null {}. If I change method to GET or PUT then I see {id:test}.

Any suggestion on enhancing the security of this would be appreciate too. Thanks.

res.query allows you to get parameters coming from the query string of a request. A POST request doesn't use the query string, so you can't use res.query. POST sends parameters to the request body.

To access POST parameters in the request body that are coming form a form, you can use req.body as described in the Cloud Functions documentation.