[BUG] file_upload tool returns CDP error "Not allowed" on all origins — tool is non-functional

Resolved 💬 4 comments Opened Mar 9, 2026 by BryceEWatson Closed Mar 9, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Environment

  • Platform: Windows 11 Pro x64
  • Claude Desktop: Latest (Cowork enabled)
  • Chrome Extension: Latest from Chrome Web Store (extension ID fcoeoabgfenejglbffodgkkbkcdhcgfn)
  • Connector: Claude in Chrome, enabled via Cowork

What's Wrong?

The mcp__Claude_in_Chrome__file_upload tool is exposed through the MCP bridge and accepts correct parameters, but every call fails with:

Failed to upload file(s): {"code":-32000,"message":"Not allowed"}

This is a CDP-level error. The tool is completely non-functional — it fails on every origin, every path format, and every file tested. Cowork cannot upload local files to web form file inputs through the Chrome connector.

Steps to Reproduce

  1. Open Cowork with Chrome connector enabled
  2. Navigate to https://the-internet.herokuapp.com/upload
  3. Use read_page to get the file input's ref ID
  4. Call file_upload with a valid absolute path, the ref, and tabId
  5. Result: Failed to upload file(s): {"code":-32000,"message":"Not allowed"}

Diagnostic Results

Two diagnostic rounds were run from Cowork. The tool exists (18 Chrome tools available through MCP) but fails universally.

Origins tested — all return identical error: the-internet.herokuapp.com, example.com, google.com.

Path formats tested — all return identical error: Windows backslash paths, forward slash paths, Linux VM paths, and known Windows system files (hosts file).

Other tools: upload_image requires an imageId not file paths. javascript_tool with DataTransfer API can create synthetic in-memory files but cannot read actual files from disk. Note: programmatically dispatched events have isTrusted=false, so sites that check event trust (e.g. Google services) will reject even the DataTransfer workaround. computer click opens an OS dialog that cannot be interacted with.

Possible Root Causes

CDP error -32000 "Not allowed" is returned by the DOM.setFileInputFiles CDP command. The extension clearly has debugger permission — other CDP operations (read_page, form_input, javascript_tool) work correctly. The hangwin/mcp-chrome project successfully implemented file upload using the same CDP method, confirming this is architecturally viable. This error (Chromium bug #928255) historically required using Page.setInterceptFileChooserDialog with backendNodeId rather than calling DOM.setFileInputFiles directly. The most likely causes: the extension's file_upload implementation uses a broken CDP call sequence, or the tool is intentionally disabled while still exposed in the schema.

Related Issues

This is a known, unfixed limitation with a chain of at least 5 duplicate issues:

  • #32179 — identical file_upload failure + network allowlist issues (closed as duplicate of #30861)
  • #30861, #30112, #28067 — earlier reports in the duplicate chain
  • #15651 — closed as duplicate, parent issue not identifiable

Impact

Cowork can automate every part of a web form except file uploads. This blocks automation for expense reports, document portal submissions, and similar workflows. Anthropic docs describe file upload as supported: "Give Claude an image and tell it where to upload, whether it's an expense report, form attachment, or picture upload."

What Should Happen?

file_upload should set the specified file on the input element using CDP, as its description states: "Upload one or multiple files from the local filesystem to a file input element on the page."

Error Messages/Logs

Failed to upload file(s): {"code":-32000,"message":"Not allowed"}

Steps to Reproduce

  1. Open Cowork with Chrome connector enabled
  2. Navigate to https://the-internet.herokuapp.com/upload
  3. Use read_page to get the file input's ref ID
  4. Call file_upload with a valid absolute path, the ref, and tabId
  5. Result: Failed to upload file(s): {"code":-32000,"message":"Not allowed"}

Claude Model

None

Is this a regression?

No, this never worked

Last Working Version

_No response_

Claude Code Version

Latest (Claude Desktop with Cowork)

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

Non-interactive/CI environment

Additional Information

_No response_

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗