GET requests are supposed to be safe[0], if you have a unsubscribe link, you click that link, it makes a GET request, then unsubscribes the user, that GET request is no longer safe.
How I've seen developers approach this, is the initial GET request loads a form, and requires that the user clicks something once more, to then submit a POST request and confirm the unsubscribe action.
How I've seen developers approach this, is the initial GET request loads a form, and requires that the user clicks something once more, to then submit a POST request and confirm the unsubscribe action.
[0] https://developer.mozilla.org/en-US/docs/Glossary/Safe/HTTP