[BUG] API 400 Error and Session crash when reading conf files with obfuscated image extensions (e.g., .conf renamed to .png)

Resolved 💬 3 comments Opened Apr 19, 2026 by tokenwoolab Closed Apr 23, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

I encountered a severe issue where reading and modifying a configuration file [ Managed by deployment configuration pipeline, File size around 60 KB ] with an obfuscated extension reliably triggers an HTTP 400 API error and corrupts the current session state.

In my scenario, I had a .conf file that was uploaded to a server with its extension intentionally obfuscated as .png. When sync the entire project , Claude Code correctly recognizes that it is not a real image file. However, when I explicitly prompt Claude Code to read and modify this specific file, it triggers a continuous 400 Bad Request error.

Claude Code correctly recognized that it was a config file rather than an actual PNG. Furthermore, I explicitly instructed it to read the file as plain text. It proceeded to initiate the read operation... [Read Tool]

What Should Happen?

Once this error is triggered, the session gets stuck in a broken state. I attempted the following to recover:
Failed: Ran /compact – Issue persisted.
Failed: Exited the tool and used resume to reload the session – Issue persisted (repeated 3 times).
Success: Used /rewind to roll back the conversation history before the file read attempt. This was the only way to save the session.

Error Messages/Logs

Read 1 file (ctrl+o to expand)
└ API Error: 400 { "type": "error", "error":  "type": "invalid_request_error", "message": "Could not process image" }, "request_id": "req_672CaLCcaoe6XzzuOEYw3"}

It appears that when Claude Code builds the API payload, it strictly relies on the .png extension to format the block (e.g., attempting to process it as an image/base64 block) rather than relying on its actual text content. The Anthropic API then rejects the malformed image payload, resulting in a 400 error. Because this malformed request state is saved in the chat history, the session remains broken until rewound.

Steps to Reproduce

  1. Create some [ In my situation is more then 5 ] standard text configuration file (e.g., settings.conf) 60-70kb.
  2. Obfuscate the extension by renaming it to an image format (e.g., settings.png).
  3. Include this file in the project context and ask Claude Code to read and modify its contents.
  4. The API will throw an HTTP 400 error.

Claude Code should gracefully handle mismatched MIME types/extensions. It should either read the file as raw text if the contents are plainly readable, or return a local error indicating the file format is unsupported, without attempting a malformed API call that poisons the session history.

Claude Model

Opus

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

2.1.114 (Claude Code)

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Terminal.app (macOS)

Additional Information

Extension obfuscation is common practice. We change it all the time, SVG, JPG, GIF. Hitting this 400 error on my first production tweak with Claude Code was definitely a rough start.

<img width="1886" height="328" alt="Image" src="https://github.com/user-attachments/assets/18f99b56-2579-4f9d-a4c8-43cff487755e" />

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗