Are security concerns sending a password using a GET request over https valid?

萌比男神i 2020-12-05 04:58

We have a webpage which uses the sapui5-framework to build an SPA. The communication between the browser and the server uses https. The interaction to log into the page is the

5 answers
  •  时光说笑
    2020-12-05 05:33

    Consider this:

    https://www.example.com/login

    JavaScript within the login page:

    $.getJSON("/login?user=joeblow&pass=securepassword123");

    What would the referer be now?

    If you're concerned about security, an extra layer could be:

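    // Base64 is a helper object from a Base64 library, not a browser built-in.
    // JavaScript concatenates strings with "+"; encodeURIComponent keeps the
    // "+", "/" and "=" characters of the encoded value intact in the query string.
    var a = Base64.encode(user + ':' + pass);
    $.getJSON("/login?a=" + encodeURIComponent(a));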
    

    Although not encrypted, at least the data is obscured from plain sight.
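
An added example, not part of the answer above or of the original page: a Node.js audit that scans web-server access-log lines for login requests carrying credentials in the query string, in both GET forms shown in the answer, and redacts them. The common-log-format lines are constructed, and the function names and the parameter names treated as sensitive are assumptions.

```javascript
// Added example, not from the original page. All log lines are constructed.
const SENSITIVE = new Set(["pass", "password", "pwd"]); // assumed parameter names

// Return the decoded text if `value` is Base64 for something like "user:secret".
function decodeUserPass(value) {
  if (!/^[A-Za-z0-9+\/_-]+={0,2}$/.test(value)) return null;
  const text = Buffer.from(value, "base64").toString("utf8");
  return /^[\x20-\x7e]+:[\x20-\x7e]+$/.test(text) ? text : null;
}

// Audit one access-log line: list credential-bearing query parameters and
// return a copy of the line with their values replaced by REDACTED.
function auditLine(line) {
  const m = line.match(/"([A-Z]+) (\S+) HTTP\/[\d.]+"/);
  if (!m) return { findings: [], redacted: line };
  const url = new URL(m[2], "https://placeholder.invalid"); // base is a dummy
  const findings = [];
  for (const [name, value] of [...url.searchParams]) {
    if (SENSITIVE.has(name.toLowerCase())) {
      findings.push({ param: name, kind: "plaintext" });
    } else if (decodeUserPass(value) !== null) {
      findings.push({ param: name, kind: "base64 user:pass" });
    } else {
      continue;
    }
    url.searchParams.set(name, "REDACTED");
  }
  if (findings.length === 0) return { findings, redacted: line };
  const target = url.pathname + url.search;
  return { findings, redacted: line.replace(m[2], () => target) };
}

// Constructed sample: the two GET forms from the answer above, plus a POST.
const b64 = encodeURIComponent(
  Buffer.from("joeblow:securepassword123").toString("base64"));
const SAMPLE_LOG = [
  `203.0.113.7 - - [05/Dec/2020:05:33:00 +0000] "GET /login?user=joeblow&pass=securepassword123 HTTP/1.1" 200 512`,
  `203.0.113.7 - - [05/Dec/2020:05:33:05 +0000] "GET /login?a=${b64} HTTP/1.1" 200 512`,
  `203.0.113.7 - - [05/Dec/2020:05:33:09 +0000] "POST /login HTTP/1.1" 200 512`,
];

for (const line of SAMPLE_LOG) {
  const { findings, redacted } = auditLine(line);
  console.log(findings.map((f) => `${f.param}: ${f.kind}`).join(", ") || "clean");
  console.log("  " + redacted);
}
```

The POST line is reported clean because the request line that the server logs contains only the path, not the request body.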
