Post data to NodeJS server from Wordpress form

Question

I use Wordpress as CMS and I would like send data from a Wordpress HTML form to my NodeJS server for processing. What is a solid, reliable way to achieve this? (NodeJS is on a separate server from Wordpress)

Below is the JQuery script I added on a Wordpress page:

<form id="sendForm">
 <input type="text" name="email" placeholder="E-mail">
 <button type="button" name="button" id="submitButton">submit</button>
</form>

<script type="text/javascript">
 var myNodeJSServer = "http://myNodeServer.com";
 jQuery("#submitButton").click(function() {
  jQuery.post(myNodeJSServer, jQuery("#sendForm").serialize());
 });
</script>

For this to work, I had to allow all origins in the Node server. Is this not secure for a production environment?

app.use(function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
  next();
});

Answer 1

For this to work, I had to allow all origins in the Node server. Is this not secure for a production environment?

It's certainly not a best practice; there's always risk involved with any public-facing web server, so you should always aim to reduce your attack surface. In this case, you absolutely should limit which origins you'll accept data from.

See the MDN documentation for Access-Control-Allow-Origin :

res.header("Access-Control-Allow-Origin", "https://developer.mozilla.org")

I don't know what your origin domain is, but it should look something like this.

Note: if your Wordpress CMS is on a subdomain of wordpress.com , it's vitally important to put the subdomain in your accepted origin (ie mysite.wordpress.com ) -- otherwise you'd be accepting submissions from any wordpress.com site.