expressjs / csurf

CSRF token middleware

Question: any harm in setting res.locals.csrfToken?

zebapy opened this issue

Is there any harm in doing this so I can avoid having to put the csrfToken: req.csrfToken() in each res.render(...) in my Express app?

app.use(function(req, res, next) {
  res.locals.csrfToken = req.csrfToken();
  next();
});

Thanks

No harm, though you may eat up your entropy pool quicker and slightly slow all requests down, even those that do not need that token. It is a method instead of a property because calling it does work.
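
A lazy variant of the middleware from the question, as an added example that is not part of the original thread or csurf's own code: `res.locals.csrfToken` becomes a memoizing getter, so `req.csrfToken()` runs only when something reads the property during that request. `lazyCsrfLocals`, `makeStubReq` and `simulate` are hypothetical names, and the request and response objects are constructed stand-ins so the block runs without Express.

```javascript
// Added example, not csurf's own code. lazyCsrfLocals, makeStubReq and
// simulate are hypothetical names; req.csrfToken() is the method from the thread.

// Middleware: define res.locals.csrfToken as a memoizing getter, so the token
// is generated only if something reads it during this request.
function lazyCsrfLocals(req, res, next) {
  let token; // cached so repeated reads in one request return the same value
  Object.defineProperty(res.locals, 'csrfToken', {
    enumerable: true,   // code that enumerates or copies locals still sees the key
    configurable: true,
    get() {
      if (token === undefined) token = req.csrfToken();
      return token;
    },
  });
  next();
}

// Constructed stand-in for a request that csurf has already processed.
// It counts how often the token generator runs.
function makeStubReq() {
  const req = { calls: 0 };
  req.csrfToken = () => {
    req.calls += 1;
    return 'constructed-token-' + req.calls;
  };
  return req;
}

// Run the middleware against stub objects and report generator calls.
function simulate(readsOfToken) {
  const req = makeStubReq();
  const res = { locals: {} };
  let nextCalled = false;
  lazyCsrfLocals(req, res, () => { nextCalled = true; });
  const seen = [];
  for (let i = 0; i < readsOfToken; i++) seen.push(res.locals.csrfToken);
  return { nextCalled, calls: req.calls, seen };
}

console.log(simulate(0)); // route that never touches the token
console.log(simulate(2)); // form page that reads it twice
```

In an app it would be registered with `app.use(lazyCsrfLocals)` after the csurf middleware, in place of the eager assignment.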

This issue is more than a year old but just curious - how many requests are we talking about where it may become a problem and begin to slow down?