improvement of the contact form processing:

* always use CONTACT_REPLY_EMAIL as sender email (issue #6)
* add the ability to use a hidden field to set the redirection page

README.md

@@ -171,10 +171,10 @@ Regardless of the deployment platform (Google App Engine, Kubernetes, Docker), t
 * `SMTP_VERITY_CERT`: Tell whether the SMTP certificate should be validated against top level authorities. If you're using a self-signed certificate on the SMTP server, this value must be set to `false`.
 * `SMTP_CLIENT_USERNAME`: Set the username to connect to the SMTP server.
 * `SMTP_CLIENT_PASSWORD`: Set the password to connect to the SMTP server.
-* `CONTACT_REPLY_EMAIL`: Set an email address for the reply email. It's not necessary a valid email address, for example if don't want the user to reply you can use something like `noreply@example.com`.
+* `CONTACT_REPLY_EMAIL`: Set an email address for the reply email. It's not necessary a valid email address; for example if don't want the user to reply the email, you can set something like `noreply@example.com`.
 * `CONTACT_REPLY_BCC_EMAIL`: Sets an email address for bcc copy of the email sent to the user. This is useful for tracking and follow up.
 * `DEMO_URL`: Specific for demo forms, it can be used to set the URL of the demo site that will be included to the user reply email (e.g. `https://demo.example.com/`). 
-* `ALLOWED_ORIGINS`: Set a list of comma-separated domains that the `hugo-mx-gateway` App shoudl trust. This is for security reason to filter requests. Only requests with an `Origin` header belonging to the defined origins will be accepted, through it's only required that the request has a valid `Referer` header. It's expected in the future to these request filtering and admission rules.
+* `ALLOWED_ORIGINS`: Set a list of comma-separated list of domains that the `hugo-mx-gateway` App should trust. For security reason, only requests with an `Origin` header belonging to the defined list of origins will be accepted.
 * `RECAPTCHA_PRIVATE_KEY` (optional): The [reCaptcha](https://www.google.com/recaptcha/intro/v3.html) private key.
 * `TEMPLATE_DEMO_REQUEST_REPLY` (optional): Specify the path of the template to reply a demo request. The default templare is `templates/template_reply_demo_request.html`. The template is based on [Go Template](https://golang.org/pkg/text/template/). 
 * `TEMPLATE_CONTACT_REQUEST_REPLY` (optional): Specify the path of the template to reply a contact request. The default templare is `templates/template_reply_contact_request.html`. The template is based on [Go Template](https://golang.org/pkg/text/template/). 

samples/hugo-partial-contact-form.html

@@ -23,6 +23,8 @@
             <label for="subject">Subject</label>
             <input type="text" name="subject" id="subject"  value="" placeholder="Need help or expertise?" />
             <input type="hidden" name="target" id="target"  value="contact" />
+            <!-- Leave blank or set the value of this field is set with valid URL. If set, the backend service will use the value as redirect URL once the form submitted. -->
+            <input class="form-input" type="hidden" name="requestOrigin" id="requestOrigin"  value="" />
          </div>
          <div class="form-item">
             <label for="message">Message</label>

sendmail.go

@@ -47,6 +47,7 @@ type ContactRequest struct {
 	Subject       string `json:"subject,omitempty"`
 	Message       string `json:"message,omitempty"`
 	RequestTarget string `json:"requestType,omitempty"`
+	OriginURI     string `json:"originURI,omitempty"`
 }
 
 type ContactResponse struct {
@@ -109,7 +110,7 @@ func (m *SendMailRequest) Execute() error {
 		return fmt.Errorf("failed issuing MAIL command (%s)", err)
 	}
 
-	// Set recipents
+	// Set recipients
 	for _, recipient := range m.to {
 		err = smtpClient.Rcpt(recipient)
 		if err != nil {
@@ -219,6 +220,7 @@ func SendMail(httpResp http.ResponseWriter, httpReq *http.Request) {
 		Subject:       httpReq.FormValue("subject"),
 		Message:       httpReq.FormValue("message"),
 		RequestTarget: httpReq.FormValue("target"),
+		OriginURI:     httpReq.FormValue("requestOrigin"),
 	}
 
 	var recipients []string
@@ -254,20 +256,19 @@ func SendMail(httpResp http.ResponseWriter, httpReq *http.Request) {
 	}
 
 	replyTplFile := ""
-	contactEmail := viper.GetString("CONTACT_REPLY_EMAIL")
 	if contactRequest.RequestTarget == "demo" {
 		replyTplFile = viper.GetString("TEMPLATE_DEMO_REQUEST_REPLY")
 		if replyTplFile == "" {
 			replyTplFile = "./templates/template_reply_demo_request.html"
 		}
 	} else {
-		contactEmail = contactRequest.Email
 		replyTplFile = viper.GetString("TEMPLATE_CONTACT_REQUEST_REPLY")
 		if replyTplFile == "" {
 			replyTplFile = "./templates/template_reply_contact_request.html"
 		}
 	}
 
+	contactEmail := viper.GetString("CONTACT_REPLY_EMAIL")
 	sendMailReq := NewSendMailRequest(
 		contactEmail,
 		recipients,
@@ -296,20 +297,20 @@ func SendMail(httpResp http.ResponseWriter, httpReq *http.Request) {
 		contactResponse.Message = "Invalid request, please review your input and try again."
 	}
 
-	refererURL, err := url.Parse(httpReq.Header.Get("Referer"))
+	originURL, err := url.Parse(contactRequest.OriginURI)
 	if err != nil {
-		log.Println(err.Error())
-		refererURL = &url.URL{} // continue with default (empty) url
+		log.Printf("error parsing the origin URL %s (%s)", originURL, err.Error())
+		originURL = &url.URL{} // continue with default (empty) url
 	}
 
-	q := refererURL.Query()
+	q := originURL.Query()
 	q.Set("status", contactResponse.Status)
 	q.Set("message", contactResponse.Message)
-	refererURL.RawQuery = q.Encode()
+	originURL.RawQuery = q.Encode()
 
 	respRawData, _ := json.Marshal(contactResponse)
 
-	httpResp.Header().Set("Location", refererURL.String())
+	httpResp.Header().Set("Location", originURL.String())
 	httpResp.WriteHeader(http.StatusSeeOther)
 	httpResp.Header().Set("Content-Type", "application/json; charset=UTF-8")
 	httpResp.Write(respRawData)