Here is what I am trying to do:
Website A displays an HTML form and collects data from the user. The form, and data, is submitted to Website B, which is not connected with A.
Website B uses the user's data to create a file F. B displays a confirmation page to the user, and then redirects the user back to website A, with the file F attached. The user should be unable to edit file F in any way.
Website A collects the file F and processes it.
I am aware of the file input tag in HTML, but that tag is only for manual upload of a file to a server. Most browsers prevent modifying the value of the tag through JavaScript.
I considered having Website B put a form in the confirmation page, with a hidden form input element containing the contents of file F. That way the submit button would transfer the file contents as POST data to Website A. However, this is not secure as a devious user could modify the file contents by using Inspect Element.
What are your suggestions on safely implementing this?