Random POST requests cause Devise RegistrationsController#create to throw ActionController::InvalidAuthenticityToken

Question

I am getting random ActionController::InvalidAuthenticityToken exceptions in production roughly every 30 minutes. Devise's RegistrationsController picks up POST requests to / because of the custom devise route (from this tutorial).

Signing up with the at /signup works perfectly (No InvalidAuthenticityToken error), but in production, I guess there are scrapers or crawlers setting it off...

Devise routes:

devise_for :users, path: '', path_names: { sign_in: 'login', sign_up: 'signup', sign_out: 'logout' }, controllers: { registrations: "registrations" }

Rails log feedback:

I, [2017-06-07T13:18:09.487414 #14257]  INFO -- : [01348d04-903a-4abe-8dba-2e3a96d93cca] Started POST "/" for 75.70.12.156 at 2017-06-07 13:18:09 +0800
I, [2017-06-07T13:18:09.496505 #14257]  INFO -- : [01348d04-903a-4abe-8dba-2e3a96d93cca] Processing by RegistrationsController#create as HTML
I, [2017-06-07T13:18:09.497071 #14257]  INFO -- : [01348d04-903a-4abe-8dba-2e3a96d93cca]   Parameters: {"R/RckN2abHl7WVLGyedzqkdm2km4dWEYCEoWaa3k/f9d0aGuBa0YDqXOzArCAHfq1aehtv9mc0R8sJ0t0Q Qwd7J3jbKqDB1bKYlm t7ll6MN7hYni htSDFKgoj2q7m0kkLJs8AizoJ/kFqXVCY98EmXVO jU/ bc5wHzQ7UdpUmV2NHEgB4379MO4/QmdfKDDE URJuEkMKE1b2TSTyX5ewV1Hadj22jZlrIORb2AmXICUx0 5PXlkzFYymzBzrQgQtzBGjWA9scNRAzW0KcJyGm8H3 YZuwN86Js7XhR8FI92jDlcYTGjP/bRA8awf HwpyuKpCR/Ctw5ml8xRR9e6P7JhiE/Zrr3d9lpcHdYV4vNIj8XeUT7DDvAxNNx/Y4JQfU4MvmUK2Xcc7/obvKZjMRJBRR4fLnEzS5HHGNxsTn7VQg"=>""}
W, [2017-06-07T13:18:09.500231 #14257]  WARN -- : [01348d04-903a-4abe-8dba-2e3a96d93cca] Can't verify CSRF token authenticity.
I, [2017-06-07T13:18:09.505638 #14257]  INFO -- : [01348d04-903a-4abe-8dba-2e3a96d93cca] Completed 422 Unprocessable Entity in 8ms (ActiveRecord: 0.0ms)
F, [2017-06-07T13:18:09.514144 #14257] FATAL -- : [01348d04-903a-4abe-8dba-2e3a96d93cca]   
F, [2017-06-07T13:18:09.514690 #14257] FATAL -- : [01348d04-903a-4abe-8dba-2e3a96d93cca] ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
F, [2017-06-07T13:18:09.514921 #14257] FATAL -- : [01348d04-903a-4abe-8dba-2e3a96d93cca]   
F, [2017-06-07T13:18:09.515247 #14257] FATAL -- : [01348d04-903a-4abe-8dba-2e3a96d93cca] actionpack (5.0.1) lib/action_controller/metal/request_forgery_protection.rb:195:in `handle_unverified_request'

Is there a way to fix this?

Thanks