Claude in Chrome: browser permission dialog reappears on every scheduled task run
Bug Report: Chrome Extension Permission Dialog Reappears on Every Scheduled Task Run
Summary
The "Allow Claude to use the browser on [domain]" permission dialog appears every time a scheduled task runs, despite clicking "Allow all browser actions." The permission does not persist between sessions, making scheduled browser tasks require manual intervention on every run.
Environment
- Claude Desktop (Cowork mode)
- Claude in Chrome extension ID:
hgoppfmeamohhpdlgmbondkfcijhklbo - Two scheduled tasks using Chrome browser tools on
admin.booking.com - Tasks have
allowed-toolsproperly configured in SKILL.md frontmatter
Steps to Reproduce
- Create a scheduled task that uses Chrome browser tools (navigate, read_page, find, etc.)
- Include
allowed-toolsin the SKILL.md frontmatter listing all required MCP tools - Run the task (manually or on schedule)
- When the "Allow Claude to use the browser on admin.booking.com?" dialog appears, click "Allow all browser actions"
- Wait for the task to complete
- Run the task again (or wait for the next scheduled run)
Expected Behavior
After clicking "Allow all browser actions," the permission should persist across sessions. Subsequent task runs should not show the permission dialog.
Actual Behavior
- The permission dialog appears on every single task run
- The extension's Settings → Permissions → "Your approved sites" shows "No sites have been approved yet" even after clicking "Allow all browser actions" dozens of times
- The setting is not saved anywhere
Root Cause Analysis (from reverse-engineering the extension code)
We inspected the extension's source code (mcpPermissions-D-cKe6e4.js and PermissionManager-Dh53JkTm.js) and found:
1. Bridge permission mode is session-only
In mcpPermissions, when a tool request comes from the bridge (Cowork), the permissionMode is read from the bridge message, NOT from persistent storage:
// From mcpPermissions-D-cKe6e4.js (deobfuscated)
if ("bridge" === e.source) {
const t = function(e, t) {
if (!e || "ask" === e) return; // "ask" = show dialog
const r = "skip_all_permission_checks" === e;
const o = new PermissionManager(() => r, {});
return "follow_a_plan" === e && t?.length && o.setTurnApprovedDomains(t), o;
}(e.permissionMode, e.allowedDomains);
}
When permissionMode is "ask" or undefined (which is what Cowork sends for scheduled tasks), no PermissionManager is created, and the onPermissionRequired callback sends a permission_request back to Cowork, which displays the dialog.
2. Per-site permissions exist but are never checked for bridge requests
The extension stores per-site permissions in chrome.storage.local under the key "permissionStorage" with this structure:
{
"permissions": [{
"id": "uuid",
"scope": { "netloc": "admin.booking.com" },
"action": "allow",
"duration": "always",
"createdAt": 1234567890
}]
}
However, this storage is ONLY checked when a PermissionManager instance exists. For bridge requests with permissionMode: "ask", no PermissionManager is created, so per-site permissions are never consulted.
3. "Allow all browser actions" button doesn't persist
The button appears to set a session-level flag but does NOT:
- Write to
permissionStorageinchrome.storage.local - Update
lastPermissionModePreferencein storage - Add the domain to any approved sites list
This is why "Your approved sites" remains empty despite repeated clicks.
What We Tried (none worked)
- Clicking "Allow all browser actions" — resets every session
settings.local.jsonwithbypassPermissionsand MCP tool allow rules — only affects Claude Code tool permissions, not Chrome domain permissions- Writing
permissionStoragedirectly tochrome.storage.local— data is stored but not read for bridge requests - Setting
lastPermissionModePreference: "skip_all_permission_checks"— Cowork ignores this when determining whatpermissionModeto send - Setting
browserControlPermissionAccepted: true— already was true, has no effect on per-domain checks
Suggested Fix
One of these approaches would fix the issue:
Option A: When Cowork sends a bridge request for a scheduled task, set permissionMode to "skip_all_permission_checks" instead of "ask". Scheduled tasks are explicitly configured by the user and should not require runtime permission confirmation.
Option B: Make the "Allow all browser actions" button actually persist the setting by writing to storage (e.g., lastPermissionModePreference: "skip_all_permission_checks") and have Cowork read this value when determining the permissionMode for bridge requests.
Option C: When permissionMode is "ask", check permissionStorage for per-site "always allow" entries BEFORE sending a permission_request back to Cowork. This way the existing "Always allow actions on this site" mechanism would work for bridge requests too.
Impact
This bug makes scheduled browser tasks unusable for automation — the user must be present to click "Allow" every time, defeating the purpose of scheduling.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗