What is the PROPER way to do bulk actions with gridview?

I have a checkbox column in a gridview:




    GridView::widget([
        'id' => 'grid', // widget id; the JavaScript below selects it as $('#grid')
        'dataProvider' => $dataProvider,
        'columns' => [
            ['class' => 'yii\grid\CheckboxColumn'],
            'country',
        ],
    ]);



And I want to make bulk actions, so I have a button that fires a javascript and sends a url like this:


index.php?r=mycontroller/bulk&action=1&ids=2,6,7,8

this is the button:


<a href="#" onclick="bulkAction('p');">

this is the Javascript:




    <script>
        function bulkAction(a) {
            var keys = $('#grid').yiiGridView('getSelectedRows');
            window.location.href='<?php echo Url::to(['mycontroller/bulk']); ?>&action='+a+'&ids='+keys.join();
        }
    </script>



PROBLEM IS

This approach is vulnerable to CSRF hacks (explained in: blog.codinghorror.com/cross-site-request-forgeries-and-you/)

So, what is the PROPER way to do it?

Solved it myself. This way you get CSRF protection and get an array of IDs in the controller:

    <?= Html::beginForm(['controller/bulk'], 'post'); ?>
    <?= Html::dropDownList('action', '', ['' => 'Mark selected as: ', 'p' => 'Proposed', 'np' => 'No Proposed', 'c' => 'Confirmed', 'nc' => 'No Confirmed'], ['class' => 'dropdown']) ?>
    <?= Html::submitButton('Send', ['class' => 'btn btn-info']); ?>
    <?= GridView::widget([
        'dataProvider' => $dataProvider,
        'columns' => [
            ['class' => 'yii\grid\CheckboxColumn'],
            'id',
        ],
    ]); ?>
    <?= Html::endForm(); ?>
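
A controller-side counterpart to the form above, as an added example that is not part of the original posts: it accepts the bulk request only over POST (so Yii's default CSRF token check applies), whitelists the `action` value, and keeps only numeric IDs. The `Country` model, its `status` column, integer primary keys, the controller name and the `index` redirect are assumptions.

```php
<?php
// Added example, not code from the thread. Assumes a hypothetical
// ActiveRecord model app\models\Country with a `status` column.
namespace app\controllers;

use Yii;
use yii\filters\VerbFilter;
use yii\web\BadRequestHttpException;
use yii\web\Controller;
use app\models\Country; // hypothetical model

class MycontrollerController extends Controller
{
    // Allowed values, matching the dropdown options in the form.
    const ACTIONS = ['p', 'np', 'c', 'nc'];

    public function behaviors()
    {
        return [
            // Reject GET so the state change cannot be triggered by a link.
            // POST requests go through the CSRF token check that
            // yii\web\Controller enables by default ($enableCsrfValidation).
            'verbs' => [
                'class' => VerbFilter::class,
                'actions' => ['bulk' => ['POST']],
            ],
        ];
    }

    public function actionBulk()
    {
        $request = Yii::$app->request;
        $action = $request->post('action');
        if (!in_array($action, self::ACTIONS, true)) {
            throw new BadRequestHttpException('Unknown bulk action.');
        }
        // CheckboxColumn submits the checked rows as selection[] by default.
        // Keep only digit strings (integer keys assumed); drop anything else.
        $ids = array_filter((array) $request->post('selection', []), function ($id) {
            return is_string($id) && ctype_digit($id);
        });
        if ($ids !== []) {
            Country::updateAll(['status' => $action], ['id' => array_map('intval', $ids)]);
        }
        return $this->redirect(['index']);
    }
}
```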