[BUG] Domain <X> is not allowed to be fetched even though explicitly allowed
Resolved 💬 26 comments Opened May 22, 2025 by yfzhou0904 Closed Dec 9, 2025
Environment
- Platform (select one):
- [x] Anthropic API
- [ ] AWS Bedrock
- [ ] Google Vertex AI
- [ ] Other: <!-- specify -->
- Claude CLI version: 0.2.125 (Claude Code)
- Operating System: macos 15.5
- Terminal: iTerm2
Bug Description
- prompt claude code to reference page: https://zod.dev/v4.
- claude code ask for permission to fetch this site, since this domain has not been persistently allowed or denied before on my computer.
- select "yes" or "yes and don't ask again"
- ⏺ Fetch(https://zod.dev/v4)…
⎿ Error: Domain zod.dev is not allowed to be fetched
Expected Behavior
<!-- What you expected to happen -->
Actual Behavior
<!-- What actually happened -->
Additional Context
<!-- Add any other context about the problem here, such as screenshots, logs, etc. -->
26 Comments
Were you able to solve this? We're experiencing the same issue.
Are you on the latest claude code version?
I regularly use & upgrades claude code, and I haven't seen this problem since I posted the issue. Maybe it's fixed?
Ran into it with 1.0.17. Thanks for the quick response!
Same problem with 1.0.31 (Claude Code)
!Image
Hasn't it been fixed yet?
Same problem on 1.0.44
same problem on v1.0.45
I pinpointed the issue, when Claude Code ask for permission to fetch the site it adds the permission
WebFetch(domain:example.com)but what it needs isFetch(domain:example.com)so as a temp fix, go to your.claude/settings.local.jsonchange all occurences ofWebFetchintoFetchand it should work.Edit: that will not fix future permissions (i.e. when Claude will want to fetch another site). So I have added
Fetch(domain:*)to my list of permission. Seems like a reasonable security tradeoff in my situation.I suspect the WebFetch tool is making a network request to claude.ai which is blocked by my corporate proxy but the corporate proxy docs page only outlines the network access requirements of the following:
I think the problem described in this thread is unrelated to the network, as the request is blocked by Claude so it doesn't go through the network. Do you get an error like this:
If yes, can you try to add
to your claude.settings and see if it fixes the issue? If not let us know.
If it's a different error I suggest creating a new issue and describing the problem with the error you get there.
I encountered the same error:
Error: Domain SOME_DOMAIN is not allowed to be fetchedIn my case, switching between
WebFetchandFetchdidn't resolve the issue. However, when I analyzed the traffic through a local web proxy, I discovered that requests were being made to theclaude.aidomain (which isn't mentioned in the corporate proxy documentation).Just wanted to share this finding in case others experience the same issue after trying the WebFetch/Fetch swap - you might need to allowlist
claude.aiin your proxy configuration as well.same problem, add Fetch(domain:xx) is not use.
I have the same problem...
By default, the fetch function in Node.js does not utilize the system environment variables HTTP_PROXY or HTTPS_PROXY. This means that if the domain you are trying to access requires proxy access, Node.js will not use the proxy settings. Below is the official solution to this issue:
https://github.com/nodejs/node/pull/57165
They will introduce an NODE_USE_ENV_PROXY environment variable. When NODE_USE_ENV_PROXY=1, Node.js will parse the HTTP_PROXY and HTTPS_PROXY environment variables upon startup to utilize the proxy settings.
This PR will take effect in Node.js version 24.0.0.
same question
My permissions are:
Tried everything mentioned above and it still doesn't work.
Update: I use third party MCP to fetch pages now.
Adding Fetch(domain:*) won't help. Try Cursor or Gemini cli instead. :-)
mark,did not work for me either
This is a bug caused by Claude Code checking Anthropic's api at
claude.ai/api/web/domain_info?domain=...before it will fetch pages. On Enterprise networks, the Anthropic API is often blocked.Unfortunately there is no workaround or flag to disable this undocumented feature.
In case you happen to be in this enterprise scenario where the https cert is being modified (which was the case for me) and causes node to see it as invalid/unauthorized:
export NODE_TLS_REJECT_UNAUTHORIZED=0Thanks to @ekexium 's solution, I've created a simple wrapper using Claude Code. You just need to run
npm install -g claude-fetch-setup, then executeclaude-fetch-setupto set up the customized fetch-mcp. The result is as follows:For more details, please check the source code repository
This is because Claude Code will request data from Claude.ai instead of the URL you requested. Therefore, you need to configure a proxy for CC to allow it to bypass the local firewall to access Claude.ai. Or you can consider using the MCP provided by @pomelo-nwu .
@HWOUq1xd7c is right.
When u let cc use WebFetch to visit a website, cc will query LLM then call local WebFetch tool.
Before visit the website, cc will request
https://claude.ai/api/web/domain_info?domain={website domain}to query if can fetch or not. Most of us will meet a 403 Forbidden response(maybe IP restriction), then cause cc throw error.So the method is,
curl 'https://claude.ai/api/web/domain_info?domain=ai-sdk.dev'It may return:
<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name="viewport" content="width=device-width,initial-scale=1">...NOT
{"domain":"ai-sdk.dev","can_fetch":true}Maybe network check is the key to solve the problem.
This issue has been inactive for 30 days. If the issue is still occurring, please comment to let us know. Otherwise, this issue will be automatically closed in 30 days for housekeeping purposes.
This issue has been automatically locked since it was closed and has not had any activity for 7 days. If you're experiencing a similar issue, please file a new issue and reference this one if it's relevant.