For websites using HTTPS, are files uploaded via POST encrypted?

Question

I'm using the official Flask tutorial for learning how to upload files to a web server and I noticed the use of <input type=file>. I did some research as to whether data submitted via POST is encrypted in HTTPS and it appears that is the case. Are files uploaded with <input type=file> included?

Answer 1

When you use https, the following parts are encrypted :

• The type of the request ( GET, POST, ... )
• The URI of the request (the path and the parameters)
• The headers of the request (cookies, ...)
• The body of the request ( POST parameters, files upload... )
• The headers of the answer
• The body of the answer

What is not encrypted :

• The IP and the port used by the client and the server
• The full name of the domain (Because of SNI)

Answer 2

Yes. The SSL/TLS encryption encryption encrypts the connection at a lower level -- everything sent through the "pipe" is encrypted.