Because then the hash is the password. Someone could just send the hash instead of trying to find a password that gets the correct hash. You can’t trust the client that much.
You can hash the password on both sides to make it work; though I’m not sure why you’d want to. I’m not sure what attack never having the plain text password on the server would prevent. Maybe some protection for MITM with password reuse?
Because then the hash is the password. Someone could just send the hash instead of trying to find a password that gets the correct hash. You can’t trust the client that much.
You can hash the password on both sides to make it work; though I’m not sure why you’d want to. I’m not sure what attack never having the plain text password on the server would prevent. Maybe some protection for MITM with password reuse?