Not sure how to send CSRF correctly so that Yii 1.1 gets it. This is a POST request.
Which content type? JSON? Or multiform?
Should YII_CSRF_TOKEN be included in body? As URL string or JSON string?
Credentials should be either “inline” or “same-origin”?
I think I’ve tried all combinations without success.
Yii 1.1 CSRF validation: https://github.com/yiisoft/yii/blob/master/framework/web/CHttpRequest.php#L1342
For some reason, $_POST and $_REQUEST are always empty in that method.