惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

美团技术团队
W
WeLiveSecurity
Stack Overflow Blog
Stack Overflow Blog
L
LangChain Blog
S
SegmentFault 最新的问题
Apple Machine Learning Research
Apple Machine Learning Research
Google DeepMind News
Google DeepMind News
F
Full Disclosure
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
The Register - Security
The Register - Security
G
Google Developers Blog
C
Check Point Blog
GbyAI
GbyAI
A
About on SuperTechFans
V
Vulnerabilities – Threatpost
T
The Blog of Author Tim Ferriss
T
Tor Project blog
AWS News Blog
AWS News Blog
Cyberwarzone
Cyberwarzone
C
CERT Recently Published Vulnerability Notes
MongoDB | Blog
MongoDB | Blog
Latest news
Latest news
aimingoo的专栏
aimingoo的专栏
U
Unit 42
Y
Y Combinator Blog
P
Privacy International News Feed
Cisco Talos Blog
Cisco Talos Blog
S
Securelist
S
Schneier on Security
雷峰网
雷峰网
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Attack and Defense Labs
Attack and Defense Labs
P
Proofpoint News Feed
C
Cisco Blogs
Webroot Blog
Webroot Blog
T
Troy Hunt's Blog
Google Online Security Blog
Google Online Security Blog
月光博客
月光博客
P
Privacy & Cybersecurity Law Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
罗磊的独立博客
Cloudbric
Cloudbric
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Hacker News: Ask HN
Hacker News: Ask HN
H
Hackread – Cybersecurity News, Data Breaches, AI and More
博客园 - 司徒正美
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Microsoft Security Blog
Microsoft Security Blog

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Prevent Duplicate Slack Notifications from Google Forms
Lovanaut · 2026-05-20 · via DEV Community

A Google Forms to Slack notification script usually starts simple:

Google Form
-> Google Sheet
-> Apps Script trigger
-> Slack Incoming Webhook

Enter fullscreen mode Exit fullscreen mode

That is a good starting point.

But the first time the same response appears in Slack twice, the problem usually gets misdiagnosed.

People check the Slack message template.

They rewrite the payload.

They add another condition.

But duplicate Slack messages are usually not a formatting problem.

They are an idempotency problem.

If your script creates a side effect, it needs to know whether that side effect already happened.

The Practical Diagnosis

When a Google Forms response posts to Slack twice, check these three things first:

Symptom Likely cause What to inspect
The same function runs twice Duplicate Apps Script triggers The trigger list
Two executions race each other No lock around shared state Execution logs and timestamps
Retrying sends another message No sent-state record notification_key / slack_notified_at

Do this before you change the Slack payload.

The payload is often fine.

The workflow state is the fragile part.

I have been building FORMLOVA, a form operations product where notifications, response status, exclusions, reminders, and analytics are treated as post-submit operations instead of hidden spreadsheet side effects.

One lesson keeps repeating:

A notification is a side effect. Side effects need state.

1. Check for Duplicate Triggers

Apps Script installable triggers are easy to create.

That is useful.

It is also how teams accidentally create duplicate notifications.

A setup function like this can create another trigger every time it is run:

function createTrigger() {
  const spreadsheet = SpreadsheetApp.openById("YOUR_SPREADSHEET_ID");

  ScriptApp.newTrigger("onFormSubmit")
    .forSpreadsheet(spreadsheet)
    .onFormSubmit()
    .create();
}

Enter fullscreen mode Exit fullscreen mode

If you run this during setup, then again during testing, then again after a teammate changes something, you may now have multiple triggers calling the same handler.

Start in the Apps Script trigger UI:

Apps Script
-> Triggers
-> check whether the same handler appears more than once

Enter fullscreen mode Exit fullscreen mode

Also remember that installable triggers run under the account that created them. Google documents that triggers can be created per account, and one account may not see triggers installed by another account even though they can still run.

So if the duplicate notification appeared after a handoff, ask:

Did another account create the same trigger?
Did another Apps Script project post to the same Slack channel?
Did a test project keep running?

Enter fullscreen mode Exit fullscreen mode

The first fix is often deleting duplicate triggers, not editing the Slack message.

2. Make Trigger Setup Idempotent Too

Do not let setup code create a new trigger every time it runs.

At minimum, check whether the handler is already registered in the current project.

const HANDLER_NAME = "onFormSubmit";

function createTriggerIfNeeded() {
  const triggers = ScriptApp.getProjectTriggers();
  const exists = triggers.some((trigger) => (
    trigger.getHandlerFunction() === HANDLER_NAME
  ));

  if (exists) {
    console.log(`${HANDLER_NAME} trigger already exists`);
    return;
  }

  const spreadsheet = SpreadsheetApp.openById("YOUR_SPREADSHEET_ID");

  ScriptApp.newTrigger(HANDLER_NAME)
    .forSpreadsheet(spreadsheet)
    .onFormSubmit()
    .create();
}

Enter fullscreen mode Exit fullscreen mode

This only protects the current script project.

It does not prove that no other account or project created a similar trigger.

But it prevents the most common self-inflicted version of the problem.

3. Build a Notification Key

Next, give each notification attempt a stable key.

For a quick Sheets-side implementation, you might use the response row and submitted timestamp:

function buildNotificationKey(e) {
  const rowNumber = e.range.getRow();
  const timestamp = (e.namedValues["Timestamp"] || [""])[0];

  return `google_form:${rowNumber}:${timestamp}`;
}

Enter fullscreen mode Exit fullscreen mode

That is not perfect.

The timestamp column name can vary by form language and sheet configuration. Row numbers can also become awkward if humans copy or move data later.

For a stronger design, use a form response ID or store a dedicated response record with fields like:

response_id
submitted_at
notification_key
slack_notified_at
slack_status
owner
status

Enter fullscreen mode Exit fullscreen mode

The key idea is simple:

Before posting, identify which notification this is.
After posting, record that it was sent.

Enter fullscreen mode Exit fullscreen mode

4. Store "Already Sent" State

For a small script, PropertiesService.getScriptProperties() can store simple key-value state.

function onFormSubmit(e) {
  const key = buildNotificationKey(e);
  const properties = PropertiesService.getScriptProperties();

  if (properties.getProperty(key)) {
    console.log(`already notified: ${key}`);
    return;
  }

  postToSlack(buildSlackMessage(e));

  properties.setProperty(key, new Date().toISOString());
}

Enter fullscreen mode Exit fullscreen mode

Now a retry can see that the response was already posted.

This is a minimal pattern, not a complete operations system.

For a real team, I would rather put slack_notified_at and slack_status somewhere visible, such as a response records sheet or a proper response-management surface.

Hidden script properties are useful for a small guard.

Visible response state is better for team operations.

5. Lock the Check/Post/Write Section

There is still a race condition.

Two executions could both check the state before either one writes it.

So the critical section should be:

check whether this notification was sent
post to Slack
write slack_notified_at

Enter fullscreen mode Exit fullscreen mode

Guard that section with LockService.

function onFormSubmit(e) {
  const lock = LockService.getScriptLock();

  if (!lock.tryLock(10 * 1000)) {
    console.log("could not acquire lock");
    return;
  }

  try {
    notifyOnce(e);
  } finally {
    lock.releaseLock();
  }
}

function notifyOnce(e) {
  const key = buildNotificationKey(e);
  const properties = PropertiesService.getScriptProperties();

  if (properties.getProperty(key)) {
    console.log(`already notified: ${key}`);
    return;
  }

  postToSlack(buildSlackMessage(e));

  properties.setProperty(key, new Date().toISOString());
}

Enter fullscreen mode Exit fullscreen mode

Locking only the Slack HTTP request is not enough.

The lock needs to cover the read, the side effect, and the write.

6. Record Sent State After Slack Succeeds

Do not mark the notification as sent before Slack accepts the request.

const SLACK_WEBHOOK_URL = getSlackWebhookUrl();

function postToSlack(text) {
  const response = UrlFetchApp.fetch(SLACK_WEBHOOK_URL, {
    method: "post",
    contentType: "application/json",
    payload: JSON.stringify({ text }),
    muteHttpExceptions: true,
  });

  const status = response.getResponseCode();

  if (status < 200 || status >= 300) {
    throw new Error(`Slack notification failed: ${status}`);
  }
}

Enter fullscreen mode Exit fullscreen mode

The order matters:

post to Slack
if Slack succeeded, write slack_notified_at
if Slack failed, keep it retryable

Enter fullscreen mode Exit fullscreen mode

This does not solve every delivery ambiguity in the universe.

But it is much better than blindly reposting every time a script is retried.

7. Do Not Commit the Webhook URL

Slack Incoming Webhook URLs contain secrets. Slack explicitly tells developers not to share them online or commit them to public repositories.

In Apps Script, read the webhook URL from script properties or another secret store.

function getSlackWebhookUrl() {
  const url = PropertiesService
    .getScriptProperties()
    .getProperty("SLACK_WEBHOOK_URL");

  if (!url) {
    throw new Error("SLACK_WEBHOOK_URL is not configured");
  }

  return url;
}

Enter fullscreen mode Exit fullscreen mode

This is not only a security issue.

It also makes the workflow easier to move between test and production without changing source code.

The Checklist

If your Google Forms workflow posts duplicate Slack messages, check this:

[ ] Is the same Apps Script handler registered more than once?
[ ] Did another account create a trigger you cannot see?
[ ] Is a test script still connected to the same Slack channel?
[ ] Does each notification have a stable notification_key?
[ ] Does the script check sent state before posting?
[ ] Does the script write slack_notified_at only after Slack succeeds?
[ ] Is the check/post/write section protected by LockService?
[ ] Is the Slack webhook URL stored outside public source?

Enter fullscreen mode Exit fullscreen mode

Duplicate notifications are annoying, but they are also useful.

They reveal that the workflow has hidden state.

Once a script has hidden state, the next bugs are usually about ownership, retries, status, exclusions, and reporting.

That is the point where the workflow is no longer "just a Slack notification."

It has become response operations.

Where I Draw the Line

If all you need is awareness, a simple Slack notification may be enough.

If you need to know whether a response is new, in progress, resolved, excluded, retried, or assigned to someone, the notification should become only one event in a response record.

That is the model I use in FORMLOVA:

response saved
-> notification attempted
-> notification result recorded
-> owner/status updated
-> unresolved responses stay visible

Enter fullscreen mode Exit fullscreen mode

The goal is not to replace every Google Forms workflow.

The goal is to stop pretending that "message posted" means "work handled."

References

Related FORMLOVA Guides

Try FORMLOVA | MCP setup guide