注意:参见 Skullcrasher 的答案 以正确的方式解决问题，因为我的答案建议禁用 跨站请求伪造.

Note: See the answer from Skullcrasher to fix the issue in the correct way as my answer suggests disabling the Cross-Site Request Forgery.

您的 enableCsrfValidation 有问题.要阅读有关它的更多信息，您可以阅读这里.

You have a problem with enableCsrfValidation. To read more about it you can read here.

要禁用 CSRF，请将此代码添加到您的控制器:

To disable CSRF, add this code to your controller:

public function beforeAction($action) {
    $this->enableCsrfValidation = false;
    return parent::beforeAction($action);
}

这将禁用所有操作.您可能应该根据 $action 仅对特定操作禁用它.

This will disable for all actions. You should probably, depending on the $action, disable it only for specific actions.