I just implemented some Ajax functionality which I could not get to work as a POST method until I figured out that CHtml::ajax() does not set the CSRF token automatically like forms do. If you have enableCsrfValidation set then the CSRF token has to be added manually to the ajax data elements like in this example:
Yii::app()->clientScript->registerScript($id, CHtml::ajax(array(
'type' => 'POST',
'data' => array('id' => $id,
Yii::app()->request->csrfTokenName => Yii::app()->request->csrfToken),
'url' => Yii::app()->createUrl('app/something'),
)));
Now, wouldn’t it make sense to have CHtml::ajax() automagically add the csrf token to the data element for POST requests?