Thanks for this interesting feedback about combining new POST credentials authentication with custom homepage.
As for your first point about <input type="hidden" name="homeurl" value="..."> tag, pretty sure what you're asking for here is not currently expected behavior. By spec, we're only watching for two POST parameters on the receiving end, 'user' and 'pwd'. Whereas 'homeurl' is a URL request parameter (that could conceivably thus be retrieved via GET). But this is an interesting idea for a potential addition to the POST feature, and I've documented it internally for review.
As for your second point about the malformed URL after failing authentication (with the homeurl name-value pair contained in the form action URL), this just seems to be a bug. I've also documented that internally for review. Note that if you use our default 'fmwebd_home.html' sample custom homepage (as in my below test page), you won't actually see this issue (resultant URL will end with just custom homepage). But if I swap in our default 'index.html' page for the custom homepage instead, then URL issue you report will occur.
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">
<form action="http://localhost/fmi/webd/testfile?homeurl=http://localhost/fmwebd_home.html" method="post">
User: <input type="text" name="user" value=""><br><br>
Password: <input type="password" name="pwd" value=""><br><br>
<input type="submit" value="Submit">
2 of 2 people found this helpful
The WebDirect Development team has since responded that the second issue reported here (extra URL parameters after failed login with POST credentials and custom homepage in form action URL) is actually intended behavior. So the solution developer can decide what to do in the error case. The loginerr=212 can be used, for example, to redirect the user somewhere else, pop up an error message, or have a followup login dialog display that error message.