看到Skullcrasher的答案，这样做在一个更合适的方式。

SEE THE ANSWER FROM Skullcrasher TO DO THIS IN A MORE PROPER WAY.

您有enableCsrfValidation一个问题。想了解更多关于它，你可以阅读here.

You have a problem with enableCsrfValidation. To read more about it you can read here.

要禁用CSRF添加此code到控制器：

To disable CSRF add this code to your controller:

public function beforeAction($action) {
    $this->enableCsrfValidation = false;
    return parent::beforeAction($action);
}

这将禁用所有操作，你应该根据$行动禁用它仅适用于具体行动。

This will disable for all actions, you should probably depending on the $action disable it only for specific actions.