<input type="hidden" name="<?= Yii::$app->request->csrfParam; ?>" value="<?= Yii::$app->request->csrfToken; ?>" />
public function beforeAction($action)
{
if ($action->id == 'no-csrf') {
Yii::$app->controller->enableCsrfValidation = false;
}
return parent::beforeAction($action);
}