What we never ask for
- No Steam password.
- No Steam Guard code.
- No inventory trade confirmation.
- No custom launcher, anti-cheat, executable, DLL, script, or browser extension.
Security
How MapQueue protects players
MapQueue is an alpha community platform. The goal is to keep player risk low, ask for only the access needed to run playtests, and make the trust model clear before anyone joins a queue or server.
How Steam login works
Steam login redirects to Steam Community OpenID and returns only a public SteamID. MapQueue does not see, receive, or store Steam credentials. Players should only enter Steam credentials on steamcommunity.com.
Server safety model
- The website sends normal CS2 connect information for approved playtest matches.
- CS2 server control uses server-side RCON secrets that are not sent to the browser.
- Admin actions are restricted to authenticated admin users.
- Browser sessions use signed httpOnly cookies and same-site request checks for unsafe API methods.
- Security headers are applied globally, including frame blocking, content type protection, and a CSP.
Safe alpha checklist
- Use the official MapQueue domain or Discord links shared by admins.
- Do not download files from players who claim they are required for MapQueue.
- Report suspicious links, impersonation, or requests for credentials through Support or Discord.
- Keep Steam and CS2 updated before joining community servers.