[BUG] claude-in-chrome: file_upload (DOM.setFileInputFiles) rejected with "Not allowed" on certain file inputs
Summary
When using mcp__claude-in-chrome__file_upload to upload a file to a programmatically-revealed <input type="file">, the wrapper rejects with CDP error {"code":-32000,"message":"Not allowed"}.
Reproduction
- Navigate to a page with a file input that is revealed dynamically (example: note.com editor's eyecatch image input
#note-editor-eyecatch-input). - Click the UI element that injects the file input into the DOM (example: the 「画像をアップロード」 menu button).
- Capture the file input ref via
findorread_page. - Call
mcp__claude-in-chrome__file_uploadwith thatrefand an absolute path to a local image. - Result:
Failed to upload file(s): {"code":-32000,"message":"Not allowed"}.
Expected
The file should be set on the input (equivalent to raw CDP DOM.setFileInputFiles succeeding for an authenticated automation context).
Actual
The wrapper rejects with -32000 Not allowed. Raw CDP DOM.setFileInputFiles is documented to support this case in the protocol spec, so the rejection appears to be a wrapper-level restriction rather than a Chrome/CDP limitation.
Workarounds attempted
- JS-based
input.files = dataTransfer.filesfollowed byinput.dispatchEvent(new Event('change', { bubbles: true })). Thechangeevent reaches the DOM, but the host page's uploader state machine does not transition because it expects the browser-native upload flow that completes via the OS file picker dialog. - We plan to try (in priority order):
- (a)
Input.dispatchDragEventfor adragenter → dragover → dropsequence on the dropzone. - (b) Native click on the upload button (open the OS dialog) followed by
DOM.setFileInputFilesto satisfy it. - (c)
ClipboardEvent('paste')with an image blob into the eyecatch modal.
Feature requests (either is acceptable)
- Document the conditions under which
file_uploadis denied and provide a sanctioned opt-in for trusted automation flows. Today the rejection is opaque to the caller. - Expose
Input.dispatchDragEvent(drag-and-drop simulation) as an MCP tool. Many modern web apps treat drag-and-drop as the canonical alternative entry point for file uploads, and this would let automation flows recover without depending onDOM.setFileInputFiles.
Environment
- Chrome stable, macOS
claude-in-chromeMCP extension (installed via Claude Code)- Reproduces against any host page where the file input is gated behind a programmatically-injected DOM (note.com editor is one concrete case).
Why this matters
The file input upload path is currently the only blocker on a fully automated note-publishing skill we are running. With either of the two feature requests above, automation can complete end-to-end without manual intervention on the eyecatch / header-image step.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗