diff --git a/src/Controller/CartController.php b/src/Controller/CartController.php
index 18b889ed..992d57fb 100644
--- a/src/Controller/CartController.php
+++ b/src/Controller/CartController.php
@@ -136,10 +136,14 @@ public function cartListingAction(Request $request, BreadcrumbHelperService $bre
 }
 /**
- * @Route("/cart/remove-from-cart", name="shop-remove-from-cart")
+ * @Route("/cart/remove-from-cart", name="shop-remove-from-cart", methods={"POST"})
 */
 public function removeFromCartAction(Request $request, Factory $ecommerceFactory): RedirectResponse
 {
+ if (!$this->isCsrfTokenValid('cartListing', $request->request->get('_csrf_token'))) {
+ throw new \Exception('Invalid request');
+ }
+
 $id = $request->query->getInt('id');
 $product = AbstractProduct::getById($id);
diff --git a/templates/cart/cart_listing.html.twig b/templates/cart/cart_listing.html.twig
index fc81933e..9321dff7 100644
--- a/templates/cart/cart_listing.html.twig
+++ b/templates/cart/cart_listing.html.twig
@@ -119,9 +119,9 @@
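Review bot: The failed CSRF check added to removeFromCartAction throws a bare `\Exception('Invalid request')`, which Symfony turns into a 500 response, so a missing or stale `_csrf_token` is logged and monitored as a server fault instead of a rejected client request. Since the controller already calls `$this->isCsrfTokenValid`, it presumably extends AbstractController and can answer 403 with `throw $this->createAccessDeniedException('Invalid CSRF token');`. Note also that the token is read from the POST body while the product `id` on the following context line is still taken from the query string via `$request->query->getInt('id')`; if the form in cart_listing.html.twig now posts the id (that hunk is unreadable here), `$request->request->getInt('id')` would keep the protected parameters together in the body rather than in a bookmarkable URL. The body of removeFromCartAction continues outside the hunk.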
- +