[BUG] Bash(curl:*) in allow list still prompts for permission
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
There is a similar issue but regarding settings.local.json.
Description:
Bash(curl:*) is listed in the allow array in settings.json, but Claude Code still shows a permission prompt for every
curl command instead of auto-approving it.
Expected behavior:
curl commands should execute automatically without a permission prompt, matching the behavior of other allowed
patterns like Bash(sed -n:) and Bash(find:).
Actual behavior:
Permission prompt appears for every curl invocation despite the allow rule being present.
settings.json (relevant section):
"allow": [
"Bash(curl:*)"
]
Environment:
- OS: Windows 11
- Shell: Git Bash
- Model: claude-sonnet-4-6
---
The pattern syntax looks correct — it matches the other working rules exactly, so this does seem like a bug worth
reporting! 🐷
What Should Happen?
It shouldn't ask me for permissions. Just execute the Bash curl command.
Error Messages/Logs
Steps to Reproduce
Ask Claude:
Please fetch information about Apollo 13 from Wikipedia for me. If you get a 403 status code response, try using Bash curl with the user-agent of an iPhone.
Claude Model
Sonnet (default)
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
2.1.78
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
PowerShell
Additional Information
_No response_
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗