Contact Us

REQ-00206

implemented security required system / operations

Statement

The contact form shall submit validated data to the Postmark HTTP API for transactional email delivery; API credentials shall not be exposed to the client.

Rationale

The Postmark HTTP API (not the Node.js SDK) is required for Cloudflare Workers compatibility. Server-side execution ensures credentials are never included in client-side bundles or responses.

Notes

Credentials are read from server-side environment variables. The form submission endpoint runs as an Astro API route under src/pages/api/. Client-side validation uses WA form controls; server-side validation runs in the endpoint before sending.

Topics

Owner: operational

Related: rendering-runtime , component-system

Applies To

Tags

contact-form postmark security server-side

Search

Search across pages and articles. Use arrow keys to navigate results.

Search across pages and articles.

Loading search...

Search is unavailable. Please try again later.

    No results for ""

    Try different keywords or fewer words.

    This site uses cookies and tracking technologies to improve your experience. You can accept all tracking, reject optional tracking, or allow only required functionality. Privacy Policy