You can't supply PHP tags for a Code action, which is just preparing an anonymous function and executing it for PHP method. That also isn't going to work unless the page it self outputs HTML. For example if it's a trigger during a save operation that will never execute. Use cURL to make your custom HTTP request if you don't like the safety restrictions in place for Request actions or CBSubs URL.
It looks like you're trying to submit another components form. The reason you're having to add the token is because what you were trying to do is called spoofing and the token protects against that. You may want to contact the developer of your extension as they may have an API you can execute in a Code action to do what you're wanting without having to do an HTTP request to your own site.