Feature request: Support wildcard subdomain matching for WebFetch domain permissions

Resolved 💬 3 comments Opened Dec 24, 2025 by racso-dev Closed Dec 28, 2025

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

Currently, the WebFetch(domain:...) permission rule requires exact domain matching. This means that domain:example.com does not match www.example.com, requiring users to list each subdomain variant explicitly.

Current behavior:

"allow": [
  "WebFetch(domain:better-auth.com)"
]

This does NOT allow fetching https://www.better-auth.com/... - Claude still prompts for permission.

Proposed Solution

Expected behavior:
Support wildcard syntax like WebFetch(domain:*.example.com) or have domain:example.com automatically include common subdomains like www.example.com.

Workaround:
Currently, users must explicitly list all subdomain variants:

"allow": [
  "WebFetch(domain:better-auth.com)",
  "WebFetch(domain:www.better-auth.com)"
]

Alternative Solutions

_No response_

Priority

Medium - Would be very helpful

Feature Category

Configuration and settings

Use Case Example

_No response_

Additional Context

Note:
Wildcard subdomain matching (e.g., *.gcr.io) is already supported in Claude Code on the web for default allowed domains. It would be helpful to extend this capability to local WebFetch permission rules.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗