FAQ-000182 - CSRF and DML Security Issues / DML Operations on Component Load


Current FAQ

Question
What are alternatives to automatic DML operations during component load that don't require direct user interaction?
Answer
Alternatives to automatic DML operations during component load in Salesforce include:

- **Asynchronous Operations**: Use platform events or queueable Apex to handle DML operations after the component has loaded.
- **Deferred Processing**: Design the component to fetch necessary data and perform updates through server-side logic triggered by specific conditions, such as a timer or background process.

These approaches ensure that operations are not tied to the component's immediate load while maintaining security and performance.

AI Recommended Enhancement

Related Security Rules
ApexCSRF
Question
What are alternatives to automatic DML operations during component load that don't require direct user interaction?
Recommended Answer Update
Alternatives to automatic DML operations during component load in Salesforce include:

- **Asynchronous Operations**: Use platform events or queueable Apex to handle DML operations after the component has loaded.
- **Deferred Processing**: Design the component to fetch necessary data and perform updates through server-side logic triggered by specific conditions, such as a timer or background process.
- **User-Initiated Actions**: Require explicit user interactions (like button clicks) to trigger DML operations, ensuring operations are intentional and secure.

These approaches ensure that operations are not tied to the component's immediate load while maintaining security and performance.
Reasoning
The original answer provides good alternatives but is missing a key security approach that directly addresses CSRF concerns. Adding 'User-Initiated Actions' as a third alternative improves the completeness of the answer by including the most straightforward solution to CSRF issues: requiring explicit user interaction. This addition aligns with the ApexCSRF rule, which flags DML operations that occur without proper user interaction validation. The FAQ's existing content about asynchronous operations and deferred processing remains valuable and accurate. The ApexCSRF rule is directly relevant because this FAQ addresses the core issue that the rule detects: performing DML operations during component load without user interaction, which can lead to CSRF vulnerabilities.
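As an added illustration (not part of the FAQ or of the ApexCSRF rule's own documentation), the Apex controller below shows the page-load pattern the rule flags beside the user-initiated and asynchronous alternatives from the answer. The class, page, job and `Last_Viewed__c` field names are assumptions for the example.

```apex
// Added example, not from the FAQ. Assumed (hypothetical) names: AccountTouchController,
// the Visualforce page that references it, the Last_Viewed__c DateTime field and AccountTouchJob.
public with sharing class AccountTouchController {
    public Id accountId { get; set; }

    public AccountTouchController(ApexPages.StandardController stdCtrl) {
        accountId = stdCtrl.getId();
        // No DML here: the constructor runs on every page load, including a plain GET.
    }

    // FLAGGED PATTERN: wired up as <apex:page action="{!touchOnLoad}">.
    // The update executes as soon as the page renders, with no user decision behind it,
    // which is exactly what the ApexCSRF rule reports.
    public PageReference touchOnLoad() {
        update new Account(Id = accountId, Last_Viewed__c = System.now());
        return null;
    }

    // ALTERNATIVE 1 (user-initiated action): bound to <apex:commandButton action="{!touch}">
    // inside an <apex:form>. The click records intent, and the Visualforce form POST
    // carries the platform's anti-CSRF token.
    public PageReference touch() {
        update new Account(Id = accountId, Last_Viewed__c = System.now());
        return null;
    }

    // ALTERNATIVE 2 (asynchronous): the request only enqueues work; the DML runs later in
    // a Queueable, outside the request that rendered the page. The job still acts without
    // a user decision, so keep what it does idempotent and low-risk.
    public void touchAsync() {
        System.enqueueJob(new AccountTouchJob(accountId));
    }

    public class AccountTouchJob implements Queueable {
        private final Id accountId;

        public AccountTouchJob(Id accountId) {
            this.accountId = accountId;
        }

        public void execute(QueueableContext ctx) {
            update new Account(Id = accountId, Last_Viewed__c = System.now());
        }
    }
}
```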