A few times a week we get an
ActionController::InvalidAuthenticityToken exception from our app (not
all from the same action or controller). I understand why
protect_from_forgery exists and am not interested in disabling it. I
am quite certain this is not from actual attacks on our site but not
sure why users are consistently triggering it. The number of users it
impacts is very small but still would be nice to know how to reduce
them or at least why it is happening.