@blrhc reported that the endpoint for the Report abuse button on Gists was vulnerable to CSRF. We addressed this issue by not allowing GET requests to this endpoint.