Question: any harm in setting res.locals.csrfToken?

[zebapy]

Is there any harm with doing this so I can avoid having to put the csrfToken: req.csrfToken() in each res.render(...) in my Express app.

app.use(function(req, res, next) {
  res.locals.csrfToken = req.csrfToken();
  next();
});

Thanks

[dougwilson]

No harm, though you may eat up your entropy pool quicker and slightly slow all requests down, even those that do not need that token. It is a method instead of a property because calling it does work.

[anyong]

This issue is more than a year old but just curious - how many requests are we talking about where it may become a problem and begin to slow down?