Redmine

I've just upgraded to the newest redmine, and I'm having REST API troubles with PHP in 2.4. Using the ActiveResource method, calls which were working in 2.3.3 are now getting

WARNING: Can't verify CSRF token authenticity
API calls must include a proper Content-type header (application/xml or application/json).
Filter chain halted as :verify_authenticity_token rendered or redirected

I've also done some playing around with switching to a curl method, but any attempt to authenticate there also seems to fail. Is there something about the upgrade process that would call my authentication to become invalid? Or were my api calls always bad and 2.4 is just more strict about enforcing it? I seem to be following the example as correctly as I can tell, though.

I have noticed that the api rejection code in application_controller.rb was moved between 2.3.3 and 2.4, but functionally I'm not sure what the change means.

Edit: Having done some more testing, I'm fairly certain I can point to r12267 as being the source of my difficulties. I still don't know enough about the underlying system to say if this change was incorrect, but it feels like it's throwing errors when it's not supposed to...