I'm doing my first Chrome extension and I'm having some problems sending mails (without form) because I can't do it only with HTML+JavaScript and Chrome doesn't provide any tool to do it.
I'm thinking to do a service in my server that gets all the fields of the mail as parameters with a POST call and then sends the mail with PHP, but I'm a bit worried about the security (everybody can call my service).
How can my server distinguish between messages coming from my Chrome extension and messages from other sources?
Sorry for my English, thanks!
You should implement some authorization mechanism. Check out OAuth.
PS1: Use OAuth2 (follow the link at the bottom of the OAuth website).
PS2: I found a nice guide also here: http://hueniverse.com/2007/10/beginners-guide-to-oauth-part-i-overview/
> I can't do it only with HTML+JavaScript and Chrome doesn't provide any tool to do it
Indeed, all you can do on the client side is open a mailer and let the user send themselves. (That's probably a good thing, too.)
> I'm thinking to do a service in my server that gets all the fields of the mail as parameters with a POST call and then sends the mail with PHP, but I'm a bit worried about the security (everybody can call my service).
If you're freely distributing a Chrome extension, anyone who gets a copy can reproduce any authorisation mechanism you implement in the extension. You can apply various obfuscation techniques to try to make this less obvious, but in the end you have already handed over the keys so there's nothing you can do to stop anyone accessing your service.
In that case, include only a token protection, such as a source=myextension parameter, just to stop the service getting hit by automated spiders if they stumble across the address. Then concentrate on making sure the form-mail service itself is secure and only allows specific mail bodies to be sent to predefined addresses, so it can't be abused for spam.
If you have restricted distribution of the extension so that everyone can have their own access key, you could do more.
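The restriction described in the answer above (fixed recipients, fixed mail bodies), sketched as an added example that is not part of the original answer. The recipient keys, template name, field names and example.com addresses are constructed placeholders; only the source=myextension parameter comes from the answer.

```php
<?php
// Added example: form-mail endpoint where the client can only pick from
// server-side lists. All keys and addresses are constructed placeholders.
const RECIPIENTS = [
    'support'  => 'support@example.com',
    'feedback' => 'feedback@example.com',
];
// Bodies are fixed templates; the client fills in short, validated fields.
const TEMPLATES = [
    'bug_report' => "Bug report from extension v{version}\nPage: {page}\n",
];
// One strict pattern per field; \z (not $) so a trailing newline is rejected.
const FIELD_RULES = [
    'version' => '/^\d{1,3}(\.\d{1,3}){0,3}\z/',
    'page'    => '/^https?:\/\/[\x21-\x7e]{1,200}\z/',
];

function build_mail(array $post): ?array
{
    $toKey   = $post['to'] ?? '';
    $tmplKey = $post['template'] ?? '';
    if (!is_string($toKey) || !is_string($tmplKey)) {
        return null;                        // e.g. to[]=... sent as an array
    }
    $to   = RECIPIENTS[$toKey] ?? null;     // address never comes from client
    $body = TEMPLATES[$tmplKey] ?? null;
    if ($to === null || $body === null) {
        return null;                        // unknown recipient or template
    }
    foreach (FIELD_RULES as $name => $pattern) {
        $value = $post[$name] ?? '';
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            return null;                    // wrong shape, CR/LF, too long
        }
        $body = str_replace('{' . $name . '}', $value, $body);
    }
    return ['to' => $to, 'subject' => 'Extension message', 'body' => $body];
}

// The source check only filters crawlers; it is not authentication.
if (PHP_SAPI !== 'cli') {
    if (($_POST['source'] ?? '') !== 'myextension') { http_response_code(403); exit; }
    $mail = build_mail($_POST);
    if ($mail === null) { http_response_code(400); exit; }
    $ok = mail($mail['to'], $mail['subject'], $mail['body']);
    http_response_code($ok ? 204 : 500);
}
```

Because the subject and recipient are constants and the body is a template, a caller who copies the request from the extension can still only send these predefined messages to these predefined addresses.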
It's been a while since I did this, but you can also serialize the form into a mailto: link and then trigger that link. The email will then pop up in the user's default mail client.