Fix CSRF security vulnerability reported by Charlie Gordon (cwgordon7) by using tokens for action URIs.