Jump to content
McKay Development

All Activity

This stream auto-updates

  1. Past hour
  2. Something big comming 🤫 - steam has new cookies bm_sv and ak_bmsc
  3. Today
  4. This still seems to work fine for me atm. But Steam seems to go through a bit of turbulence right now, so I catch stray 500's and 400's I'm afraid it's specific Steam-related problem from recent site changes and GPT won't have that in it's training data. Did it give any guesses on why this might work? Many years of being afraid for my normal trading accounts T ^ T
  5. Send correct user-agent for mobileconf requests, to avoid 429 errors (#371) Full Changelog: v3.50.2...v3.50.3 View on GitHub
  6. there is always risk of getting banned with steam
  7. Hey guys. I have asked gpt5.5 to fix it. (With the samples from this thread) And telling it that it needs to change the headers to prevent akamai WAF. This was the set of headers that works for 95 percent of times: const headers = { 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Site': 'same-origin', }; Although, some endpoints needed some more tuning. (E.g. getting partner details after creating an offer) So right now, i use this to change header dynamically: I have been using this for the past 36 hours and it is working fine. Is there anything suspicious about this? Is there a ban risk? (I don't think so myself, but wanted to share it)
  8. This option also turned out to be quite working, for me it does not even require changing the Accept-Encoding, the key is to transfer Accept and sec-fetch-user. headers: { //"User-Agent": "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Mobile Safari/537.36", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8", //"Accept-Encoding": "gzip, deflate, br, zstd", "Accept-Language": "en-US,en;q=0.9", "sec-ch-ua": "\"Chromium\";v=\"140\", \"Not=A?Brand\";v=\"24\", \"Google Chrome\";v=\"140\"", "sec-ch-ua-mobile": "?1", "sec-ch-ua-platform": "\"Android\"", "sec-fetch-dest": "document", "sec-fetch-mode": "navigate", "sec-fetch-site": "same-origin", "sec-fetch-user": "?1", "upgrade-insecure-requests": "1" }
  9. It's absolutely crazy, every time i delete one parameter, everything starts to work. What is the logic behind this? headers: { 'Accept-Encoding': 'zstd', // 🤪 },
  10. thanks so much
  11. Yesterday
  12. Fix CEconItem crash when "Tradable/Marketable After" date isn't day-first by @GVRLNKMK in #370 Fix login hanging indefinitely on steam-session timeout by @lrftw in #369 Full Changelog: v3.50.1...v3.50.2 View on GitHub
  13. This helped me with inventory requests, thanks
  14. Error 429 appeared again, this entry fixed the situation, but idk for how long: 'Accept-Encoding': 'br, zstd'
  15. Nope, I test requests one by one and still got a few errors
  16. do you have 100% success rate? it's still gives me rate limit from time to time
  17. Thanks for the feedback guys! This helped me with trade confirmations when testing, thanks! Nothing works for inventory requests yet. I'll take a closer look at real site requests later.
  18. Last week
  19. Here is a cleaner version if you encounter problems. Still not working %100, randomly works. As on some steamcommunity versions, that method would cause a crash. if (this._options.request) { return reject(new Error('SteamCommunity.login() is incompatible with node-steamcommunity v3\'s usage of \'request\'. If you need to specify a custom \'request\' instance (e.g. when using a proxy), use https://www.npmjs.com/package/steam-session directly to log onto Steam.')); } const SteamCommunity = require('steamcommunity'); const community = new SteamCommunity(); // Patch before confirmations — login doesn't use this.request community.request = community.request.defaults({ headers: { 'Accept-Encoding': 'gzip, deflate, br' } });
  20. For me, this method has not changed anything at all. I consistently receive cookies from the steam-session, setCookies() in steamcommunity and tradeoffer-manager work stably, but as soon as I try to send an exchange from the bot or get a link to the exchange bot getTradeURL(), I get error 429 Works for me: request: Request.defaults({ proxy: proxy, headers: { 'Accept-Encoding': 'deflate, br, zstd' } })
  21. Hello, I have been having problems loading my inventory since yesterday and I keep getting the 429 warning. I updated all the modules but my problem is still not solved and I am not able to load my inventory. How should I solve my problem? Thanks
  22. Hello, I have been having problems loading my inventory since yesterday and I keep getting the 429 warning. I updated all the modules but my problem is still not solved and I am not able to load my inventory. How should I solve my problem? Thanks
  23. receiving ofc. Trying to find the way to minimize it
  24. Yes, I do. Using trade offer manager which uses steamcommunity with the new headers defined. Endpoints like offerslist however don't seem to be returning 429's, only the confirmations endpoints do. Are you not receiving any 429's yourself when trying to confirm offers?
  25. do you call other api endpoints on same proxies? inventories, offerslist and so on
  26. Yes, didn't have these 429's yesterday with the same Proxy setup. All proxies are residential.
  27. do you use 1 account per 1 proxy?
  28. This seems to be a part of the solution. The confirmations are working like 60-70% of the time now but for the other 30-40% error 429 is still getting returned. Thank you for sharing though.
  29. here is easy fix: const request = require('request'); const SteamCommunity = require('steamcommunity'); let community = new SteamCommunity({ request: request.defaults({ headers: { 'Accept-Encoding': 'gzip, deflate, br' } }) }); if you use proxy: request: request.defaults({ proxy: proxyUrl, headers: { 'Accept-Encoding': 'gzip, deflate, br' } }) This is not rate limiting. Steam's WAF now fingerprints the Accept-Encoding request header. The legacy request package (which node-steamcommunity uses internally with gzip: true) sends exactly Accept-Encoding: gzip, deflate — real browsers always include br as well. Steam now rejects the bot-like values outright: Accept-Encoding sent Response gzip, deflate (request lib default) 429 gzip 429 gzip, deflate, br 200 gzip, deflate, br, zstd 200 Same IP, same endpoint, seconds apart — only the header changes the outcome. api.steampowered.com is not affected.
  1. Load more activity
×
×
  • Create New...