req.send(new FormData(formElement)) in to call HttpServlet

I need to develop a Login Page with an HTML page, javascript and Java Servlet.

This is my problem. The params of the login form seem to be always empty debugging request servlet.
In Javascript I encounter this error on req.send(new FormData(…)) line.

(Part of) HTML File:

<div class="container" style="max-width: 30%; margin: 0;  position: absolute;  top: 50%;  left: 50%;  transform: translate(-50%, -50%); ">
    <h1>Login</h1>
    <h3>Accedi per effettuare i tuoi ordini</h3>
    <div id="errormessage" class="alert alert-warning" role="alert"></div>
    <form action="#">
        <fieldset>
    <div class="form-group">
        <label for="username">Username</label>
        <input required type="text" name="username" id="username" class="form-control">
    </div>
    <div class="form-group">
        <label for="pwd">Password</label>
        <input required type="password" class="form-control" name="pwd" id="pwd">
    </div>
    <input type="button" class="btn btn-primary" id="loginbutton" value="Accedi">
        </fieldset>
    </form>

utils.js

function makeCall(method, url, formElement, cback, reset = true) {
        var req = new XMLHttpRequest(); // visible by closure
        req.onreadystatechange = function() {
          cback(req)
        }; // closure
        req.open(method, url);
        if (formElement == null) {
          req.send();
        } else {
          req.send(new FormData(formElement));
        }
        if (formElement !== null && reset === true) {
          formElement.reset();
        }
      }

loginManagement.js

(function() { // avoid variables ending up in the global scope

  document.getElementById("loginbutton").addEventListener('click', (e) => {
    var form = e.target.closest("form");
    if (form.checkValidity()) {
      makeCall("POST", 'login', form,
        function(req) {
          if (req.readyState == XMLHttpRequest.DONE) {
            var message = req.responseText;
            switch (req.status) {
              case 200:
                sessionStorage.setItem('username', message);
                window.location.href = "home.html";
                break;
              case 400: // bad request
                document.getElementById("errormessage").textContent = message;
                break;
              case 401: // unauthorized
                  document.getElementById("errormessage").textContent = message;
                  break;
              case 500: // server error
                document.getElementById("errormessage").textContent = message;
                break;
            }
          }
        }
      );
    } else {
         form.reportValidity();
    }
  });

})();