With another afternoon's work on the contact form processor, it's good enough now to put it up on the site. (And if it's not, I'm going to find out about its shortcomings pretty quickly.)
To cut down the form spam a bit I've added a couple of items:
- I'm checking for a key to be present in the request header before allowing any submissions to be processed. (This key can be forged – it's not full-on OAuth2 – but it'll avoid most bot submissions, I think.)
- I've added CORS support. So, at least in CORS-compliant browsers, I can restrict the submission origin to a single site. In this case, mine!
(If you're code-inclined, and want to play, you can find the current version on GitHub.)
That said, I hope it will work easily for you when you visit here. You can use it now on my new contact page!