-1

I created trade offer with browser and copy request as cURL. I can create offer with terminal, BUT if I copy request as fetch (or Node.js fetch) then I give 403 Forbidden. I want make offers by fetch.

working cURL:

curl 'https://steamcommunity.com/tradeoffer/new/send' \
  -H 'Connection: keep-alive' \
  -H 'Pragma: no-cache' \
  -H 'Cache-Control: no-cache' \
  -H 'sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91"' \
  -H 'Accept: */*' \
  -H 'DNT: 1' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36' \
  -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' \
  -H 'Origin: https://steamcommunity.com' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Referer: https://steamcommunity.com/tradeoffer/new/?partner=26757421&token=jEW9IPqe' \
  -H 'Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7' \
  -H 'Cookie: sessionid=***; steamLoginSecure=***' \
  --data-raw 'sessionid=***&serverid=1&partner=76561197987023149&tradeoffermessage=&json_tradeoffer=%7B%22newversion%22%3Atrue%2C%22version%22%3A2%2C%22me%22%3A%7B%22assets%22%3A%5B%5D%2C%22currency%22%3A%5B%5D%2C%22ready%22%3Afalse%7D%2C%22them%22%3A%7B%22assets%22%3A%5B%7B%22appid%22%3A730%2C%22contextid%22%3A%222%22%2C%22amount%22%3A1%2C%22assetid%22%3A%2222221561976%22%7D%5D%2C%22currency%22%3A%5B%5D%2C%22ready%22%3Afalse%7D%7D&captcha=&trade_offer_create_params=%7B%22trade_offer_access_token%22%3A%22jEW9IPqe%22%7D' \
  --compressed

crashing fetch:

fetch("https://steamcommunity.com/tradeoffer/new/send", {
  "headers": {
    "accept": "*/*",
    "accept-language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
    "cache-control": "no-cache",
    "content-type": "application/x-www-form-urlencoded; charset=UTF-8",
    "pragma": "no-cache",
    "sec-ch-ua": "\" Not;A Brand\";v=\"99\", \"Google Chrome\";v=\"91\", \"Chromium\";v=\"91\"",
    "sec-ch-ua-mobile": "?0",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin",
    "cookie": "sessionid=***; steamLoginSecure=***"
  },
  "referrer": "https://steamcommunity.com/tradeoffer/new/?partner=26757421&token=jEW9IPqe",
  "referrerPolicy": "strict-origin-when-cross-origin",
  "body": "sessionid=***&serverid=1&partner=76561197987023149&tradeoffermessage=&json_tradeoffer=%7B%22newversion%22%3Atrue%2C%22version%22%3A2%2C%22me%22%3A%7B%22assets%22%3A%5B%5D%2C%22currency%22%3A%5B%5D%2C%22ready%22%3Afalse%7D%2C%22them%22%3A%7B%22assets%22%3A%5B%7B%22appid%22%3A730%2C%22contextid%22%3A%222%22%2C%22amount%22%3A1%2C%22assetid%22%3A%2222684389625%22%7D%5D%2C%22currency%22%3A%5B%5D%2C%22ready%22%3Afalse%7D%7D&captcha=&trade_offer_create_params=%7B%22trade_offer_access_token%22%3A%22jEW9IPqe%22%7D",
  "method": "POST",
  "mode": "cors"
});

If you will change *** to your sessionid & steamLoginSecure in three places, then you can test these requests. (it can be found here: steam website, F12, application, cookie)

Nikitos Frolov
  • 1

1 Answers1

0

I understand what's happening! Chrome copied the request incorrectly: need header Referer (not Referrer). Сonverter helped me - https://curl.trillworks.com/

Nikitos Frolov
  • 1