出现400错误是yii2.0的csrf防范策略导致
在components里面添加request配置如下:
'request' => [ // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation 'cookieValidationKey' => '83r5HbITBiMfmiYPOZFdL-raVp4O1VV4', 'enableCookieValidation' => false, 'enableCsrfValidation' => FALSE, ], ],
添加后再运行就没有报400错误。
但这样就关闭了yii2.0提供的csrf防御模块
或者在action里添加
$this->enableCsrfValidation = false;