注意:请参阅跨站点请求伪造.

Note: See the answer from Skullcrasher to fix the issue in the correct way as my answer suggests disabling the Cross-Site Request Forgery.

您对enableCsrfValidation有问题.要了解更多信息，可以在此处.

You have a problem with enableCsrfValidation. To read more about it you can read here.

要禁用CSRF，请将以下代码添加到您的控制器中:

To disable CSRF, add this code to your controller:

public function beforeAction($action) {
    $this->enableCsrfValidation = false;
    return parent::beforeAction($action);
}

这将对所有操作禁用.您可能应该根据$ action，仅对特定操作禁用它.

This will disable for all actions. You should probably, depending on the $action, disable it only for specific actions.