Elements 1.5.1 (23917)

@handshaper A quick update on the forms:

The issue turned out to be the config_path value being sent with the form request. We haven’t touched this part of the forms code for around six months, so after some head scratching I found that something had changed on the server side, not in Elements.

It looks like the server’s configuration for “mod_security rule 930120” has been updated. This rule seems to block form submissions that include paths in the posted data. Our requests included a path like ../../../backend/config.php, and removing that property immediately allowed the form to submit without triggering the 403 error on Chillidog servers.

This has only affected sites hosted on Chillidog, so it seems likely to me that this rule was updated on their servers recently. I’m not sure what might have prompted the change, but my best guess would be that it’s part of tightening security on their end.

The good news: we’ve implemented a workaround on our end by changing how the config.php file is fetched during form requests. We have a fix ready for testing; once we’ve confirmed everything is working as expected, we’ll send out an Elements update.

Thanks for your patience. Your forms should be back up and running very soon :slight_smile:
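
An added illustration of the general pattern behind the workaround described in the post above, not code from Elements or from the post's author: the form sends a short identifier instead of a relative path, and the server resolves the config file itself. The function name `resolveFormConfig`, the `CONFIG_ROOT` directory layout and the demo tree are all assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Hypothetical layout: each form's config.php lives under one fixed directory.
const CONFIG_ROOT = __DIR__ . '/backend/forms';

/**
 * Map a client-supplied form ID to a config file on disk.
 * The client never posts a path, so the request body carries no "../"
 * sequence for a WAF to flag and the server trusts no client path.
 */
function resolveFormConfig(string $formId, string $root = CONFIG_ROOT): string
{
    // Accept only a short opaque token: no slashes, dots or NUL bytes.
    if (preg_match('/\A[a-z0-9_-]{1,64}\z/i', $formId) !== 1) {
        throw new InvalidArgumentException('invalid form id');
    }

    $rootReal = realpath($root);
    if ($rootReal === false) {
        throw new RuntimeException('config root missing');
    }

    // realpath() resolves symlinks and "..", so the prefix check below
    // compares canonical paths and fails closed if the file does not exist.
    $candidate = realpath($rootReal . DIRECTORY_SEPARATOR . $formId
        . DIRECTORY_SEPARATOR . 'config.php');
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if ($candidate === false || strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('no config for this form');
    }
    return $candidate;
}

// Constructed demo: build a temporary config tree and resolve against it.
$root = sys_get_temp_dir() . '/forms_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/contact', 0700, true);
file_put_contents($root . '/contact/config.php', "<?php return ['to' => 'owner@example.test'];");

foreach (['contact', '../../../backend/config.php', 'missing'] as $id) {
    try {
        echo $id, ' => ', resolveFormConfig($id, $root), PHP_EOL;
    } catch (Exception $e) {
        echo $id, ' => rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

In the demo, only `contact` resolves to a file; the path-style value quoted in the post and the unknown ID are both rejected before anything is read from disk.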