diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 2f1e90e448..26b5bf83e4 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -2,6 +2,7 @@ class ApplicationController < ActionController::Base
  TIMEOUT_WARNING_LENGTH_IN_MINUTES = 2
  helper_method :timeout_warning_in_minutes
+ protect_from_forgery except: :handle_unwanted_requests
  def handle_unwanted_requests
  render file: Rails.root.join("public", "404.html"), status: :not_found, layout: false
diff --git a/spec/requests/application_spec.rb b/spec/requests/application_spec.rb
new file mode 100644
index 0000000000..71a46f98b9
--- /dev/null
+++ b/spec/requests/application_spec.rb
@@ -0,0 +1,19 @@
+require "rails_helper"
+
+RSpec.describe "Application", type: :request do
+ describe "#handle_unwanted_requests" do
+ before do
+ ActionController::Base.allow_forgery_protection = true
+ end
+
+ after do
+ ActionController::Base.allow_forgery_protection = false
+ end
+
+ # Stops Rollbar reporting requests routed to `handle_unwanted_requests` that then cause a CSRF failure
+ it "ignores CSRF checks" do
+ post "/RANDOMSTRING.txt", headers: {"X-CSRF-Token" => "invalid_token"}
+ expect(response.code).to eq "404"
+ end
+ end
+end
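Review bot: The added `protect_from_forgery except: :handle_unwanted_requests` omits `with:`, and in Rails a call to `protect_from_forgery` sets `forgery_protection_strategy` from `options[:with] || :null_session`, so this line silently downgrades the whole ApplicationController from the `with: :exception` strategy Rails applies by default (via `default_protect_from_forgery`) to `:null_session`, where a failed token check nullifies the session and lets the action run instead of raising. If the app relies on the exception strategy to surface forged requests, write `protect_from_forgery with: :exception, except: :handle_unwanted_requests`, or leave the existing protection untouched and add `skip_forgery_protection only: :handle_unwanted_requests` instead. Also worth a comment on the new line saying why the skip is safe here, e.g. `# 404 handler only renders a static file; a token check on unmatched routes only produced CSRF noise`. The class body continues outside the hunk, so I cannot see whether another `protect_from_forgery with:` call already exists.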
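Review bot: The `after` hook in the new spec resets `ActionController::Base.allow_forgery_protection` to a hard-coded `false` rather than to whatever it was before, so the spec clobbers a true value set by the test environment or another spec running in the same process. Capture the prior value in `before` with `@forgery_protection = ActionController::Base.allow_forgery_protection` and restore it in `after` with `ActionController::Base.allow_forgery_protection = @forgery_protection`. Note also that under Rails' `:null_session` strategy a bad `X-CSRF-Token` does not abort the request, so `expect(response.code).to eq "404"` would pass even without the controller change; the example only demonstrates the skip if the strategy in effect is `:exception`, which may be worth asserting or stating in the comment above the example.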