No. Check out the example in the article, an attacker can make your browser submit a form with a POST request using JavaScript.
It's slightly harder to exploit, as the attacker can't just send you a link to facebook.com, but they can send you a link to example.com which has the form and uses JavaScript to submit the form.
The way CSRF works is that I put a form on evil.com that submits to example.com. If there's no CSRF protection, example.com will accept that form submission as if it had actually come from a page on example.com. GET/POST has nothing to do with it.
adamdoupe|11 years ago
It's slightly harder to exploit, as the attacker can't just send you a link to facebook.com, but they can send you a link to example.com which has the form and uses JavaScript to submit the form.
defen|11 years ago
danielweber|11 years ago
<script>document.forms[0].submit();</script>
(The above code may contain bugs.)