Explicitly allow GET requests for specific actions, verify authenticity token on GET
None
Eugene Kalenkovich