How to Prevent Gmail from Triggering Pipedream Links Twice and Using Extra Cycles?

This topic was automatically generated from Slack. You can find the original thread here.

I’m sending a pipedream link via email and Gmail seems to be opening those links and triggering the corresponding endpoint twice, eating up some of my cycles

i see the following two triggers

HEAD /?email=
GET /?avfps=%0B%2Edcajj%7F%0E&beear=dcc-6-vetffxafe|

i presume it’s part of the email service provider’s security practices

is there a way to have these not count against my 2,000 pipedream cycles per month?

No way right now, unfortunately.

Hopefully Pipedream implements some native filtering methods for HTTP triggers in the near future.

Otherwise, an alternative would be to setup a filtering proxy in front of the Pipedream webhook URL.

You could use a service like Hookdeck in order to setup the filtering proxy.

Filtering example (from the home page):

image.png595×714 75.7 KB

You could use the $not filter to make sure that requests/query strings don’t contain ?email or ?avfps.

You could even reject HEAD requests entirely.

And you could also validate that the query string is completely empty.

Here’s the documentation for filters btw.

We’re going to ship the first iteration of request filtering in HTTP triggers soon, but unfortunately this phase won’t solve your problem natively, . We’re going to release support for requiring a Bearer token in the Authorization header. The additional features Marco mentioned make a lot of sense and are on the backlog but aren’t currently prioritized.

: I hope those bearer tokens will support JWTs (plus the validation of the claims within)!

Especially the exp claim, which is very useful to prevent tokens from being replayed.

All it requires is a shared encryption key on both sides, which is never sent over the network or stored in logs (that’s the important part).

Not yet — starting small, but we’re discussing supporting JWTs in the future