ProcessWire Weekly #271

In the processwire.com blog this week: two new WireMail modules and instructions for using Gmail as your SMTP server

This week's blog post features two new WireMail modules: Mail Router and Gmail. In addition there's a whole section on using Gmail an SMTP server for some of the existing WireMail modules – namely WireMailPHPMailer and WireMailSmtp. We'll cover the new modules here briefly, but be sure to check out the full blog post for more details!

WireMail: Mail Router

WireMail: Mail Router is a WireMail module that sends email through other WireMail modules based upon configurable rules. The WireMailRouter module configuration screen lets you specify text-matching rules – in plain text format, or regex – for each WireMail module that you have installed, and also for when to use the core WireMail (PHP mail) – or even automatically fail, or skip, a specific message.

By default aforementioned rules match text in the "to" field (recipient email address), but you can also specifically target other parts of the message by specifying the target in the rule: [property]:[rule]. Here's a list of properties you can target this way:

• toName
• from
• fromName
• replyTo
• replyToName
• subject
• body
• bodyHTML
• header

Read more about WireMailRouter »

WireMail: Gmail

WireMail: Gmail enables using the Google OAuth2 API for sending email in ProcessWire. This is the method preferred by Google, and although it takes a bit more work to set up (compared to using Gmail as an SMTP server, which we'll get to later) it is quite reliable once properly set up.

This module relies on the GoogleClientAPI module, and setting it up is a requirement for using WireMailGmail. Gmail also comes with certain rather important considerations: for an example you can't spoof the sender or reply-to addresses, i.e. use anything that you've not authenticated with Google. This can be either a good thing or a major issue depending on your use case.

Read more about WireMailGmail »

Using Gmail as an SMTP server

The rest of the blog post covers the topic of using Gmail as an SMTP server. In this section Ryan explains how to get this done, and provides all the configuration settings needed to get two existing WireMail modules, WireMailPHPMailer and WireMailSmtp, talking with Google's mail servers.

Compared to how WireMailGmail works, this is the "easy" way for using Google's servers for sending out email. That being said, the fact that the setup begins by enabling what Google is calling the "less secure app access" should make it pretty obvious it's not really the preferred method.

For more details on the new WireMail modules and using Gmail as your SMTP server, be sure to check out this week's blog post from Ryan. Thanks!

New module: TextformatterExternalRedirect

Textformatter External Redirect is a new Textformatter module from BitPoet. The module was created as a response to a discussion on the support forum, and what it does is that it prefixes external links (http or https) with a predefined string, allowing you to implement your own hit counters, redirect tools, etc.

For an example, if you configure the module with prefix /my-redirector/?link= and enable this Textformatter for your "body" field, on the front-end of your site a link to https://processwire.com is automatically replaced with a link to /my-redirector/?link=https://processwire.com instead.

Module settings include the string to prefix URLs with, an option to open links in a new window, and an optional CSS class to be added to these links. Overall it provides a nifty set of features packaged in an easy-to-use module with a really small footprint.

Thanks to BitPoet for sharing this module with us – it's a very neat addition!

New module: MarkupContentSecurityPolicy

Markup Content Security Policy is a new Markup module developed by Chris Thomson. This module makes it really easy to implement Content Security Policy for your website using a meta tag in the head area of your public-facing pages.

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement to distribution of malware.
— https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

The module provides configuration settings for commonly used directives, and a "any other directives" section for defining others. It also provides support for logging CSP violations, and sending these entries to a custom endpoint, which you can implement yourself to do whatever it is that you might want to do with such reports – email them somewhere, store them in a database or a separate log file, etc.

While you can always implement CSP in your site's .htaccess file as well, this module still provides a number of valuable benefits:

• First of all you can easily limit those rules to only apply to your public site, not the admin – where they might cause problems for certain third party modules, for an example. It may also be preferable to make these options available via the Admin GUI, instead of having to modify a file on disk whenever changes are needed.
• The module guides you through the process of setting CSP up, which is indeed a major benefit. While setting up CSP isn't particularly difficult, any mistakes you make here may still end up causing plenty of harm to your own site.
• As mentioned above, the module provides logging features – and an additional, JavaScript based solution for detecting policy violations real-time. The meta tag approach for implementing CSP doesn't support browser side detection-only mode, so this is quite a nice feature in itself.

Big thanks to Chris for sharing this wonderful module with us – it's a nice contribution, and I for one am looking forward to experimenting more with it. Great job!

Site of the week: Charles Spurgeon Schools

Our latest site of the week belongs to Charles Spurgeon Schools, which is a multi-academy trust setting out to create a family of schools that share a common interest and ethos. Charles Spurgeon Schools advocate an approach of integrating the Christian faith with their teaching, and their new website promotes the group of schools and their plans for the future.

Developed by the Internet Dreams Studio, the Charles Spurgeon Schools website boasts a modern and quite stylish design, with a healthy splash of colour combined with downright beautiful typography and clean, easy-to-grasp layout. Overall this is a really beautiful website, and Internet Dreams Studio have done splendid job on making sure that it's both usable and interesting at the same time.

The front-end of this site is powered by the Bootstrap front-end framework and various smaller bits and pieces of code, such as the AOS (Animate On Scroll) and jsSocials JavaScript libraries. There's not a whole lot to say about the behind the scenes implementation, but what we can tell is that the site is performing really well, and whatever choices were made behind the scenes have resulted in a splendidly robust experience for end users.

Big thanks to the Internet Dreams Studio for sharing this project with us, and congratulations to the Charles Spurgeon Schoold for their newly released website – looking really sharp!

Stay tuned for our next issue

That's it for the 271st issue of ProcessWire Weekly. We'll be back with more news, updates, and content Saturday, 27th of July. As always, ProcessWire newsletter subscribers will get our updates a few days later.

Thanks for staying with us, once again. Hope you've had a great and productive week, and don't forget to check out the ProcessWire forums for more interesting topics. Until next week, happy hacking with ProcessWire!