Update ContactForm component to use dynamic origin for API requests and ensure CSRF token is included in form submissions

- Modified API fetch calls in the ContactForm to use window.location.origin for better compatibility across environments.
- Ensured CSRF token is appended to form data before submission for enhanced security.

src/components/ContactForm.astro

@@ -32,7 +32,7 @@
 <script>
 async function fetchCsrfToken() {
   try {
-    const response = await fetch('/api/contact?csrf=true');
+    const response = await fetch(window.location.origin + '/api/contact?csrf=true');
     const data = await response.json();
     const csrfTokenInput = document.getElementById('csrf_token');
     if (csrfTokenInput) {
@@ -52,9 +52,13 @@ if (contactForm && feedbackDiv) {
   contactForm.onsubmit = async function (e) {
     e.preventDefault();
     const formData = new FormData(this as HTMLFormElement);
+    const csrfTokenInput = document.getElementById('csrf_token') as HTMLInputElement | null;
+    if (csrfTokenInput) {
+      formData.append('csrf_token', csrfTokenInput.value);
+    }
     let res, data;
     try {
-      res = await fetch('/api/contact', { method: 'POST', body: formData });
+      res = await fetch(window.location.origin + '/api/contact', { method: 'POST', body: formData });
       data = await res.json();
       console.log('Contact API response:', data);
     } catch (_err) {
@@ -97,7 +101,7 @@ if (manualReviewForm) {
     const justification = manualJustification.value;
     const token = manualToken.value;
 
-    const res = await fetch('/api/contact/manual-review', {
+    const res = await fetch(window.location.origin + '/api/contact/manual-review', {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
       body: JSON.stringify({ email, justification, token }),