Instead of POSTing to the online form, GET the online form and prepopulate the fields using a query string.
For example, an offline form with first and last names will, when submitted, perform a GET request like this:
mysite.com/offline_form/new?first_name=Dick&last_name=Steele
This URL will render a live new form, complete with a valid CSRF token. Use the query string to populate the input fields. The query string can be accessed via params[].
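<%= form_for :online do |f| %>
  <%# Prefill each field from the query string; text_field HTML-escapes the value %>
  <%= f.text_field :first_name, value: params[:first_name] %>
  <%= f.text_field :last_name, value: params[:last_name] %>
  <%# ... %>
<% end %>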
This way, your users can submit a live CSRF-tokenized form without having to fill out a second form. At minimum, your users will have to click two submit buttons. You can present the online version of the form as a confirmation step.
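Both halves of this approach in plain Ruby, as an added illustration that is not code from the answer above: building the prefill URL on the offline side, and keeping only the expected fields from the query string on the online side. The names `PREFILL_FIELDS`, `MAX_LEN`, `prefill_url` and `prefill_values` are hypothetical, and the length cap is an assumed value.

```ruby
require "uri"

# Fields the online form accepts as prefill (assumed: the two from the example URL).
PREFILL_FIELDS = %w[first_name last_name].freeze
MAX_LEN = 100 # assumed cap for a name field

# Offline side: build the GET URL that opens the live form with values filled in.
# encode_www_form percent-encodes keys and values, so characters such as
# "&", "=" or quotes in a name cannot break out of their parameter.
def prefill_url(base, values)
  pairs = values.select { |key, _| PREFILL_FIELDS.include?(key.to_s) }
  "#{base}?#{URI.encode_www_form(pairs)}"
end

# Online side: what the `new` action could keep from the query string.
# Unknown keys are dropped, including any authenticity_token a caller puts
# in the URL, so the token in the rendered form is always the server's own.
def prefill_values(query_string)
  URI.decode_www_form(query_string.to_s)
     .select { |key, _| PREFILL_FIELDS.include?(key) }
     .to_h { |key, value| [key.to_sym, value.strip[0, MAX_LEN]] }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input.
  url = prefill_url("https://mysite.com/offline_form/new",
                    first_name: "Dick", last_name: "Steele")
  puts url
  puts prefill_values(url.split("?", 2).last).inspect
end
```

Values sent this way appear in browser history and server access logs, so the query string suits non-sensitive fields such as the names used here.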