403 Error When Sending Trade Request via Chrome Extension with Fetch

[millicent]

Hey,
I'm working on a Chrome extension that sends a trade request via a fetch POST request to Steam, but I'm consistently getting a 403 Forbidden error(even if I reset my IP). I've double-checked everything related to cookies and I'm pretty sure those are correct.
I'm wondering if this issue might be because I'm trying to send the request directly from the extension. Should I consider sending the trade request through a server instead? Or is there a way to make it work directly through the Chrome extension?

Here's the code I'm currently using to send the request:

async function sendTradeOffer(sessionID, partnerSteamID, tradeToken, itemsFromMe, itemsFromThem, cookies) {
  const tradeOffer = {
    newversion: true,
    version: 2,
    me: {
      assets: itemsFromMe, // [{ appid: 440, contextid: '2', amount: 1, assetid: '14765659647' }]
      currency: [],
      ready: false
    },
    them: {

      assets: itemsFromThem, // []
      currency: [],
      ready: false
    }
  };

  const params = tradeToken ? { trade_offer_access_token: tradeToken } : {};

  try {
    const response = await fetch(`https://steamcommunity.com/tradeoffer/new/send`, {
      method: 'POST',
      headers: {
        'content-type': 'application/x-www-form-urlencoded',
        'cookie': cookies, // browserid=xxx; steamLoginSecure=xxx%7C%7Cxxx; sessionid=xxx
        'referer': `https://steamcommunity.com/tradeoffer/new/?partner=${partnerSteamID}${tradeToken ? `&token=${tradeToken}` : ''}`
      },
      body: new URLSearchParams({
        sessionid: sessionID,
        serverid: 1,
        partner: partnerSteamID.toString(),
        tradeoffermessage: '',
        json_tradeoffer: JSON.stringify(tradeOffer),
        captcha: '',
        trade_offer_create_params: JSON.stringify(params),
        tradeofferid_countered: ''
      })
    });

    if (!response.ok) {
      throw new Error(`HTTP error! status: ${response.status}`);
    }

    const data = await response.json();
    console.log(data);
    return data;
  } catch (error) {
    console.error('Error during trade offer:', error);
    return { error };
  }
}

 

[Dr. McKay]

That all looks fine to me at a glance. I'd look into whether it's actually possible to set cookies the way you are in a fetch request in a browser extension; that may be blocked for some reason.

[mqwerty]

You won't be able to change cookies that way. If you are using manifestV3 investigate the information about declarativeNetRequest.