From e19dc8eb3e61619fb07c9e43f8020dadf88c8c6a Mon Sep 17 00:00:00 2001
From: Richard Bergsma <richard@365devnet.eu>
Date: Thu, 26 Jun 2025 23:03:27 +0200
Subject: [PATCH] Update ContactForm component to use dynamic origin for API
 requests and ensure CSRF token is included in form submissions

- Modified API fetch calls in the ContactForm to use window.location.origin for better compatibility across environments.
- Ensured CSRF token is appended to form data before submission for enhanced security.
---
 src/components/ContactForm.astro | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/components/ContactForm.astro b/src/components/ContactForm.astro
index f8ef31c..c5a0239 100644
--- a/src/components/ContactForm.astro
+++ b/src/components/ContactForm.astro
@@ -32,7 +32,7 @@
 <script>
 async function fetchCsrfToken() {
   try {
-    const response = await fetch('/api/contact?csrf=true');
+    const response = await fetch(window.location.origin + '/api/contact?csrf=true');
     const data = await response.json();
     const csrfTokenInput = document.getElementById('csrf_token');
     if (csrfTokenInput) {
@@ -52,9 +52,13 @@ if (contactForm && feedbackDiv) {
   contactForm.onsubmit = async function (e) {
     e.preventDefault();
     const formData = new FormData(this as HTMLFormElement);
+    const csrfTokenInput = document.getElementById('csrf_token') as HTMLInputElement | null;
+    if (csrfTokenInput) {
+      formData.append('csrf_token', csrfTokenInput.value);
+    }
     let res, data;
     try {
-      res = await fetch('/api/contact', { method: 'POST', body: formData });
+      res = await fetch(window.location.origin + '/api/contact', { method: 'POST', body: formData });
       data = await res.json();
       console.log('Contact API response:', data);
     } catch (_err) {
@@ -97,7 +101,7 @@ if (manualReviewForm) {
     const justification = manualJustification.value;
     const token = manualToken.value;
 
-    const res = await fetch('/api/contact/manual-review', {
+    const res = await fetch(window.location.origin + '/api/contact/manual-review', {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
       body: JSON.stringify({ email, justification, token }),