I'm solving some issues shown at SNYK tool (https://snyk.io/). I've got this issue:
Anti-forgery token validation disabled. This ASP.NET MVC action should use an anti-forgery validation attribute. Not using this attribute disables Cross Site Request Forgery (CSRF) protection and allows CSRF attacks.
At Controller, this is an ActionResult that returns a view where user must choose from some options to continue.
<a class="btn" href="/Account/ChooseCompany?Company_id=xxxxxxx"></a>
<a class="btn" href="/Account/ChooseCompany?Company_id=yyyyyyy"></a>
Since the user doesn't really post anything, just enters a new URL address (therefore a GET request), I was wondering why does SNYK suggested "anti-forgery token".