@simonbrown reported a very-low risk vulnerability in a request handler not actively used in GitHub.com. We addressed this issue by changing the request method to a POST, which requires a valid CSRF token.