¿What is the PROPER way to do bulk actions with gridview?

I have a checkbox column in a gridview:


        'dataProvider' => $dataProvider,    

        'columns' => [

            ['class' => 'yii\grid\CheckboxColumn'],





And I want to make bulk actions, so I have a button that fires a javascript and sends a url like this:


this is the button:

<a href="#" onclick="bulkAction('p');">

this is the Javascript:


        function bulkAction(a) {

            var keys = $('#grid').yiiGridView('getSelectedRows');

            window.location.href='<?php echo Url::to(['mycontroller/bulk']); ?>&action='+a+'&ids='+keys.join();



[size="5"]PROBLEM IS[/size]

This approach is vulnerable to CSRF hacks (explained in : blog.codinghorror.com/cross-site-request-forgeries-and-you/)

So, what is the PROPER way to do it?

Solved it myself. This way you get CSRF protection and get an array of IDs in the controller:


&lt;?=Html::dropDownList('action','',[''=&gt;'Mark selected as: ','p'=&gt;'Proposed','np'=&gt;'No Proposed','c'=&gt;'Confirmed','nc'=&gt;'No Confirmed'],['class'=&gt;'dropdown',])?&gt;

&lt;?=Html::submitButton('Send', ['class' =&gt; 'btn btn-info',]);?&gt;


    'dataProvider' =&gt; &#036;dataProvider,

    'columns' =&gt; [

        ['class' =&gt; 'yii&#092;grid&#092;CheckboxColumn'],



]); ?&gt;

&lt;?= Html::endForm();?&gt;