== Ask Yourself Whether

* HTTP methods are not defined at all for a route/controller of the application.
* Safe HTTP methods are defined and used for a route/controller that can change the state of an application.

There is a risk if you answered yes to any of those questions.