The WordPress Custom Contact Form did not display the “Thank you” text after submitting my contact form, nor it was redirecting when I changed it to.
I saw that php was returning correct JSON code:
The thing with ajax/jquery scripts is that they are rendering html code in a frame or iframe tag. This can be a security hole in some form because it can allow a hacker to inject a script that will execute remote code.
This can be controlled with the X-Frame-Options http header that instructs the browser to either render/not render/render from the same origin domain code into frame or iframe tags.
In my Nginx configuration it was set to deny:
add_header X-Frame-Options Deny;
And changed it to:
add_header X-Frame-Options sameorigin;
Now, my form submissions are successful.