[BUG] Claude in Chrome server-side classification blocks pd.smileynova.com — was working until April 9, 2026

Resolved 💬 5 comments Opened Apr 11, 2026 by tikizawa-ops Closed Jun 22, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

pd.smileynova.com (a dental clear aligner simulation platform by SmileyNova) is blocked by Claude in Chrome's server-side domain classification. This domain was fully accessible until approximately April 9, 2026, and suddenly became blocked with no changes on our side.
The parent domain www.smileynova.com is NOT blocked — only the pd. subdomain is affected.
All MCP tools fail on this domain:

navigate → "Navigation to this domain is not allowed"
screenshot → "Permission denied for this action on this domain"
javascript_tool → "Permission denied for JavaScript execution on this domain"
get_page_text → "Permission denied for reading page content on this domain"

Organization admin settings show no blocked domains. Chrome extension site access is set to "On all sites."
A JavaScript redirect from an allowed domain (window.location.href = 'https://pd.smileynova.com/...') successfully changes the URL, but all subsequent page interactions remain blocked — confirming this is a server-side per-domain policy.

What Should Happen?

pd.smileynova.com should be accessible as it was before April 9. At minimum, organization-level allowlist settings should be able to override server-side domain classifications.

Error Messages/Logs

// navigate tool
Navigation to this domain is not allowed

// screenshot tool
Permission denied for this action on this domain

// javascript_tool
Permission denied for JavaScript execution on this domain

// get_page_text
Permission denied for reading page content on this domain

Steps to Reproduce

Open a Cowork session with Claude in Chrome connected
Verify Chrome extension site access is set to "All sites"
Verify organization admin settings — blocklist is empty
Use navigate MCP tool to open https://pd.smileynova.com
Observe error: "Navigation to this domain is not allowed"
Use navigate to open https://www.smileynova.com — succeeds
Use javascript_tool on the loaded page to redirect: window.location.href = 'https://pd.smileynova.com/#/patient-detail/15894/1' — URL changes successfully
Attempt screenshot or javascript_tool on the redirected page — "Permission denied for this action on this domain"

Claude Model

Opus

Is this a regression?

Yes, this worked in a previous version

Last Working Version

Worked until approximately April 9, 2026. Exact Claude in Chrome extension version unknown (auto-updated).

Claude Code Version

latest version (claude code)

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

Other

Additional Information

We run a Cowork scheduled task that automates a clinical workflow: querying Salesforce for patients awaiting simulation review, checking simulation status on pd.smileynova.com, and filling approval forms. This was running reliably for weeks and is now completely blocked, requiring manual processing of ~15-20 patients daily.
We suspect the pd subdomain prefix triggered a false positive in a healthcare/medical data classifier. pd.smileynova.com is a 3D simulation review tool for dental clear aligners, not a sensitive medical records system.
Related issues:

#43279 — Claude in Chrome blocks legitimate dev subdomain (app-dev.nomercy.tv)
#40173 — Server-side domain blocking breaks legitimate business automation
#41034 — All sites blocked in Cowork mode (was working previously)

View original on GitHub ↗

This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗