
Are links vulnerable to CSRF?


I'm looking at CSRF for my e-commerce site. I've implemented a token-based approach for forms.

I have a checkout link on the basket page of my site that simply links to the address page. Once on the address page various checks are done to make sure the user is logged in and has items in their basket. It then pulls out the user's existing addresses based on their user_id which is stored in the session.

My question is, is there any vulnerability in the checkout link? It's not altering any data in any way.


Solution

  • If you can only retrieve data from the request, then it is safe from CSRF.

    CSRF is an attack which tricks a user into making a request that changes something (posting a comment (possibly spam!), buying something, voting for something, changing their account details, etc).
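
The distinction drawn in the answer above, as an added example that is not part of the original question or answer: a request dispatcher that lets a read-only GET (the checkout link) through without a token and demands the session's CSRF token on anything that changes state. The route paths, function names and the in-memory `ADDRESSES` store are hypothetical.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # handlers for these must never change state

# Constructed sample data standing in for the site's address table.
ADDRESSES = {42: ["1 Example Street"]}


def new_session(user_id):
    """Create a session holding the user id and a per-session CSRF token."""
    return {"user_id": user_id, "csrf_token": secrets.token_urlsafe(32)}


def csrf_ok(session, method, form):
    """Safe methods need no token; state-changing methods must echo it back."""
    if method in SAFE_METHODS:
        return True
    sent = form.get("csrf_token", "")
    # Constant-time comparison of the submitted token with the session's token.
    return hmac.compare_digest(sent.encode(), session["csrf_token"].encode())


def handle(session, method, path, form=None):
    """Return (status, body) for the two hypothetical routes."""
    form = form or {}
    if session is None:
        return 401, "login required"
    if not csrf_ok(session, method, form):
        return 403, "CSRF token missing or invalid"
    user_addresses = ADDRESSES.setdefault(session["user_id"], [])
    if path == "/checkout/address" and method == "GET":
        # Read-only: a forged cross-site GET changes nothing, and the
        # same-origin policy keeps the forging page from reading the reply.
        return 200, list(user_addresses)
    if path == "/account/address" and method == "POST":
        # State change: only reached when the token matched.
        address = form.get("address", "")
        if not address:
            return 400, "address required"
        user_addresses.append(address)
        return 200, "address added"
    return 405, "method not allowed"
```

The GET exemption only holds while the GET handler stays read-only; a link that performs an action (for example an "add to basket" URL) needs the same token check as a form.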