3👍
I personally don’t ever consider it safe to use GET for a request that will have side effects.
I try to always follow the practice of POST + redirection to another page.
This solves all kinds of problems, such as F5 refreshing the action, the user bookmarking a URL which has a side effect and so on.
In your case, the update is harmless, but using POST at least conveys the fact that it’s an update and may be useful for tools such as caching software (POST requests usually aren’t cached).
On top of that, applications often change, and you may at some point need to modify the app in such a way that the update isn’t so harmless anymore.
It’s also generally difficult to guarantee that anything is completely secure in web development, so I prefer to stay on the safe side.