Chrome MCP per-domain prompt re-triggers every session despite tool allowlist — no settings.json syntax to allow domains

Resolved 💬 1 comment Opened May 14, 2026 by elivitan Closed Jun 13, 2026

Summary

A recent Claude Code update added a second permission layer on Chrome MCP (mcp__Claude_in_Chrome__*) tools that checks the domain parameter. Even when the tool name is allowlisted (and even in bypassPermissions mode), the user is prompted on every new domain, every session. There is no settings.json syntax to allow specific domains — the validator rejects parenthesized parameter patterns.

Environment

  • OS: Windows 11 Pro
  • Shell: PowerShell
  • Permission mode: Bypass permissions (status line shows it active)
  • MCP server: Claude_in_Chrome

Reproduction

  1. In permissions.allow, add mcp__Claude_in_Chrome__* (or any of the specific tool names like mcp__Claude_in_Chrome__navigate, mcp__Claude_in_Chrome__browser_batch).
  2. Set permission mode to bypassPermissions.
  3. Have Claude run mcp__Claude_in_Chrome__navigate to any URL on a new domain.

Expected: No prompt — tool is allowlisted, bypass mode is active.

Actual: A permission dialog appears titled Allow Claude to use browser:navigate? with body:

{
  "domain": "developers.facebook.com"
}

The dialog offers Deny / Always allow / Allow once with a session chip. "Always allow" persists only for the session.

Workaround attempt that fails

Trying to add a parameter-scoped rule to permissions.allow:

"mcp__Claude_in_Chrome__navigate(domain:*)"

Validation rejects with:

MCP rules do not support patterns in parentheses. Use "mcp__Claude_in_Chrome__navigate" without parentheses, or use "mcp__Claude_in_Chrome__*" for all tools.

But the bare tool name and the server-wildcard both leave the per-domain prompt in place. There is no syntax that suppresses it.

What changed

Before the update, "Always allow" on a domain persisted permanently and the issue did not recur on later sessions. After the update, that allow is session-scoped only — every new session re-prompts.

Asks

  1. Treat bypassPermissions as covering the per-domain check as well (it currently doesn't).
  2. Or: allow mcp__Claude_in_Chrome__navigate(domain:*) / mcp__Claude_in_Chrome__navigate(domain:example.com) in permissions.allow, mirroring the existing WebFetch(domain:...) syntax.
  3. Or: restore the prior behavior where "Always allow" on a domain persists across sessions.

Any of the three resolves the regression. The first or second is preferred since it's configurable in version-controlled settings.

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗