There are currently many possible CSRF vulns involving post requests.

Since none of them (as far as I know anyway) involve get requests, it's not that pressing of an issue currently, but eventually I need to install a CSRF library and add unique tokens to every form.