[BUG] Bash(curl:*) in allow list still prompts for permission

Resolved 💬 2 comments Opened Mar 18, 2026 by klt-nordiska Closed Mar 18, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

There is a similar issue but regarding settings.local.json.

Description:
Bash(curl:*) is listed in the allow array in settings.json, but Claude Code still shows a permission prompt for every
curl command instead of auto-approving it.

Expected behavior:
curl commands should execute automatically without a permission prompt, matching the behavior of other allowed
patterns like Bash(sed -n:) and Bash(find:).

Actual behavior:
Permission prompt appears for every curl invocation despite the allow rule being present.

settings.json (relevant section):
"allow": [
"Bash(curl:*)"
]

Environment:

  • OS: Windows 11
  • Shell: Git Bash
  • Model: claude-sonnet-4-6

---
The pattern syntax looks correct — it matches the other working rules exactly, so this does seem like a bug worth
reporting! 🐷

What Should Happen?

It shouldn't ask me for permissions. Just execute the Bash curl command.

Error Messages/Logs

Steps to Reproduce

Ask Claude:
Please fetch information about Apollo 13 from Wikipedia for me. If you get a 403 status code response, try using Bash curl with the user-agent of an iPhone.

Claude Model

Sonnet (default)

Is this a regression?

I don't know

Last Working Version

_No response_

Claude Code Version

2.1.78

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

PowerShell

Additional Information

_No response_

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗