Claude in Chrome: all navigate/javascript_tool calls return 'Navigation to this domain is not allowed' regardless of extension allowlist

Resolved 💬 1 comment Opened May 19, 2026 by Yassi-846 Closed Jun 22, 2026

Summary

Every mcp__Claude_in_Chrome__navigate and mcp__Claude_in_Chrome__javascript_tool call is rejected with Navigation to this domain is not allowed / Permission denied for JavaScript execution on this domain, even for fully public domains like google.com and github.com, and even on a freshly created MCP tab group.

Extension-side allowlist is wide open. Issue appears to be on the MCP server side gate, not the extension.

Environment

  • Claude Code: Opus 4.7 (claude-opus-4-7)
  • macOS Darwin 25.4.0
  • Claude in Chrome extension v1.0.70
  • Chrome on macOS

Symptoms

  • mcp__Claude_in_Chrome__list_connected_browsers ✅ works
  • mcp__Claude_in_Chrome__select_browser ✅ works
  • mcp__Claude_in_Chrome__tabs_context_mcp ✅ works
  • mcp__Claude_in_Chrome__tabs_create_mcp ✅ works
  • mcp__Claude_in_Chrome__navigate ❌ returns Navigation to this domain is not allowed for ALL URLs including https://example.com, https://google.com, https://github.com
  • mcp__Claude_in_Chrome__javascript_tool ❌ returns Permission denied for JavaScript execution on this domain on any page

Extension state (verified by user)

  • claude.ai/settings/browser-extension → "Standard für alle Websites" = Erweiterung erlauben (allow on all sites)
  • Blocked sites list: empty
  • chrome://extensions → Claude extension toggle: ON, "All sites" access
  • Other extensions tried disabled — no change

Reproduction sequence

  1. First navigate call in a fresh session worked (loaded a redirect to OAuth login)
  2. After the login redirect resolved, subsequent navigate calls started returning the error
  3. Error persists across:
  • tabs_create_mcp (new MCP tab in same group)
  • Chrome restart (quit + reopen)
  • chrome://restart
  • Toggle Claude extension OFF→ON in chrome://extensions
  • Disabling all other extensions
  1. Reproduced with brand-new arbitrary URLs (google.com, github.com) — not domain-specific

Suspected related

Older memory note from a prior session mentions: navigation to an unauthorized domain can poison the entire browser's MCP allow state, normally recoverable via extension toggle + ⌘+Shift+R. Today that recovery procedure does not work; the state appears persistent at the MCP server side.

Impact

Browser automation completely broken. Forced to either skip automated workflows entirely or have the user manually copy data into the chat.

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗