Question: any harm in setting res.locals.csrfToken?
zebapy opened this issue · comments
Is there any harm with doing this so I can avoid having to put the csrfToken: req.csrfToken()
in each res.render(...)
in my Express app.
app.use(function(req, res, next) {
res.locals.csrfToken = req.csrfToken();
next();
});
Thanks
No harm, though you may eat up your entropy pool quicker and slightly slow all requests down, even those that do not need that token. It is a method instead of a property because calling it does work.
This issue is more than a year old but just curious - how many requests are we talking about where it may become a problem and begin to slow down?