I am new to the coding world.
I try to get this contact form I found working.
However, running it on localhost/xampp always gives me a Get strict-origin-when-cross-origin error.
I am trying that since a few days now.
Anyone an idea how to get that contact form with PHPMailer to work?
<?php
/* Handle CORS */
// Specify domains from which requests are allowed
header('Access-Control-Allow-Origin: *');
// Specify which request methods are allowed
header('Access-Control-Allow-Methods: PUT, GET, POST, DELETE, OPTIONS');
// Additional headers which may be sent along with the CORS request
header('Access-Control-Allow-Headers: X-Requested-With,Authorization,Content-Type');
// Set the age to 1 day to improve speed/caching.
header('Access-Control-Max-Age: 86400');
/**
* This example shows how to handle a simple contact form safely.
*/
//Import PHPMailer class into the global namespace
use PHPMailerPHPMailerPHPMailer;
$msg = '';
//Don't run this unless we're handling a form submission
if (array_key_exists('email', $_POST)) {
date_default_timezone_set('Etc/UTC');
require '../vendor/autoload.php';
//Create a new PHPMailer instance
$mail = new PHPMailer();
//Send using SMTP to localhost (faster and safer than using mail()) – requires a local mail server
//See other examples for how to use a remote server such as gmail
$mail->isSMTP();
$mail->Host = 'smtp.gmail.com';
$mail->SMTPAuth = true;
$mail->Username = '[email protected]';
$mail->Password = 'xxx';
$mail->SMTPSecure = 'ssl';
$mail->Port = 465;
//Use a fixed address in your own domain as the from address
//**DO NOT** use the submitter's address here as it will be forgery
//and will cause your messages to fail SPF checks
$mail->setFrom('[email protected]', 'First Last');
//Choose who the message should be sent to
//You don't have to use a <select> like in this example, you can simply use a fixed address
//the important thing is *not* to trust an email address submitted from the form directly,
//as an attacker can substitute their own and try to use your form to send spam
$addresses = [
'sales' => '[email protected]',
'support' => '[email protected]',
'accounts' => '[email protected]',
];
//Validate address selection before trying to use it
if (array_key_exists('dept', $_POST) && array_key_exists($_POST['dept'], $addresses)) {
$mail->addAddress($addresses[$_POST['dept']]);
} else {
//Fall back to a fixed address if dept selection is invalid or missing
$mail->addAddress('[email protected]');
}
//Put the submitter's address in a reply-to header
//This will fail if the address provided is invalid,
//in which case we should ignore the whole request
if ($mail->addReplyTo($_POST['email'], $_POST['name'])) {
$mail->Subject = 'PHPMailer contact form';
//Keep it simple - don't use HTML
$mail->isHTML(false);
//Build a simple message body
$mail->Body = <<<EOT
Email: {$_POST['email']}
Name: {$_POST['name']}
Message: {$_POST['message']}
EOT;
//Send the message, check for errors
if (!$mail->send()) {
//The reason for failing to send will be in $mail->ErrorInfo
//but it's unsafe to display errors directly to users - process the error, log it on your server.
$msg = 'Sorry, something went wrong. Please try again later.';
} else {
$msg = 'Message sent! Thanks for contacting us.';
}
} else {
$msg = 'Invalid email address, message ignored.';
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Contact form</title>
</head>
<body>
<h1>Contact us</h1>
<?php if (!empty($msg)) {
echo "<h2>$msg</h2>";
} ?>
<form method="POST">
<label for="name">Name: <input type="text" name="name" id="name"></label><br>
<label for="email">Email address: <input type="email" name="email" id="email"></label><br>
<label for="message">Message: <textarea name="message" id="message" rows="8" cols="20"></textarea></label><br>
<label for="dept">Send query to department:</label>
<select name="dept" id="dept">
<option value="sales">Sales</option>
<option value="support" selected>Technical support</option>
<option value="accounts">Accounts</option>
</select><br>
<input type="submit" value="Send">
</form>
</body>
</html>
Tried using different headers to allow CORS > same result