[BUG] file_upload tool returns CDP error "Not allowed" on all origins — tool is non-functional
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
Environment
- Platform: Windows 11 Pro x64
- Claude Desktop: Latest (Cowork enabled)
- Chrome Extension: Latest from Chrome Web Store (extension ID fcoeoabgfenejglbffodgkkbkcdhcgfn)
- Connector: Claude in Chrome, enabled via Cowork
What's Wrong?
The mcp__Claude_in_Chrome__file_upload tool is exposed through the MCP bridge and accepts correct parameters, but every call fails with:
Failed to upload file(s): {"code":-32000,"message":"Not allowed"}
This is a CDP-level error. The tool is completely non-functional — it fails on every origin, every path format, and every file tested. Cowork cannot upload local files to web form file inputs through the Chrome connector.
Steps to Reproduce
- Open Cowork with Chrome connector enabled
- Navigate to https://the-internet.herokuapp.com/upload
- Use
read_pageto get the file input's ref ID - Call
file_uploadwith a valid absolute path, the ref, and tabId - Result:
Failed to upload file(s): {"code":-32000,"message":"Not allowed"}
Diagnostic Results
Two diagnostic rounds were run from Cowork. The tool exists (18 Chrome tools available through MCP) but fails universally.
Origins tested — all return identical error: the-internet.herokuapp.com, example.com, google.com.
Path formats tested — all return identical error: Windows backslash paths, forward slash paths, Linux VM paths, and known Windows system files (hosts file).
Other tools: upload_image requires an imageId not file paths. javascript_tool with DataTransfer API can create synthetic in-memory files but cannot read actual files from disk. Note: programmatically dispatched events have isTrusted=false, so sites that check event trust (e.g. Google services) will reject even the DataTransfer workaround. computer click opens an OS dialog that cannot be interacted with.
Possible Root Causes
CDP error -32000 "Not allowed" is returned by the DOM.setFileInputFiles CDP command. The extension clearly has debugger permission — other CDP operations (read_page, form_input, javascript_tool) work correctly. The hangwin/mcp-chrome project successfully implemented file upload using the same CDP method, confirming this is architecturally viable. This error (Chromium bug #928255) historically required using Page.setInterceptFileChooserDialog with backendNodeId rather than calling DOM.setFileInputFiles directly. The most likely causes: the extension's file_upload implementation uses a broken CDP call sequence, or the tool is intentionally disabled while still exposed in the schema.
Related Issues
This is a known, unfixed limitation with a chain of at least 5 duplicate issues:
- #32179 — identical
file_uploadfailure + network allowlist issues (closed as duplicate of #30861) - #30861, #30112, #28067 — earlier reports in the duplicate chain
- #15651 — closed as duplicate, parent issue not identifiable
Impact
Cowork can automate every part of a web form except file uploads. This blocks automation for expense reports, document portal submissions, and similar workflows. Anthropic docs describe file upload as supported: "Give Claude an image and tell it where to upload, whether it's an expense report, form attachment, or picture upload."
What Should Happen?
file_upload should set the specified file on the input element using CDP, as its description states: "Upload one or multiple files from the local filesystem to a file input element on the page."
Error Messages/Logs
Failed to upload file(s): {"code":-32000,"message":"Not allowed"}
Steps to Reproduce
- Open Cowork with Chrome connector enabled
- Navigate to https://the-internet.herokuapp.com/upload
- Use
read_pageto get the file input's ref ID - Call
file_uploadwith a valid absolute path, the ref, and tabId - Result:
Failed to upload file(s): {"code":-32000,"message":"Not allowed"}
Claude Model
None
Is this a regression?
No, this never worked
Last Working Version
_No response_
Claude Code Version
Latest (Claude Desktop with Cowork)
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
Non-interactive/CI environment
Additional Information
_No response_
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗