出现400错误是yii2.0的csrf防范策略导致
在components里面添加request配置如下:
'request' => [
// !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
'cookieValidationKey' => '83r5HbITBiMfmiYPOZFdL-raVp4O1VV4',
'enableCookieValidation' => false,
'enableCsrfValidation' => FALSE,
],
],
添加后再运行就没有报400错误。
但这样就关闭了yii2.0提供的csrf防御模块
或者在action里添加
$this->enableCsrfValidation = false;