[BUG] Cowork — Additional allowed domains ignored on Team plan; same domain works on Pro plan

Resolved 💬 2 comments Opened May 28, 2026 by mikipaul891 Closed Jun 1, 2026

Summary

Custom domains added to Settings → Capabilities → Additional allowed domains
are not honored by the sandbox proxy on the Team plan. The same domain added
to the same setting on an Individual Pro plan works correctly.

Environment

  • Plan: Team (broken) vs Individual Pro (works)
  • App: Claude Cowork (desktop)
  • OS: macOS

Steps to Reproduce

  1. On Team plan, go to Admin Settings → Capabilities → Code execution
  2. Add <custom-domain>.cloudfront.net to "Additional allowed domains" → Save
  3. Wait 10+ days (not a propagation issue)
  4. In a Cowork session, run:
curl -v "https://<custom-domain>.cloudfront.net/path/to/file"

Actual Result

* Uses proxy env variable https_proxy == 'http://localhost:3128'
* Establish HTTP proxy tunnel to <custom-domain>.cloudfront.net:443
< HTTP/1.1 403 Forbidden
< X-Proxy-Error: blocked-by-allowlist
curl: (56) Received HTTP code 403 from proxy after CONNECT

Expected Result

200 OK — same as Individual Pro plan behavior with the same domain allowlisted.

Root Cause (investigated)

The sandbox proxy at localhost:3128 is a socat tunnel to a host-side Unix socket (claude-http-*.sock). The actual allowlist enforcement happens on the host side. On the Team plan, the org-level allowlist configuration from Admin Settings does not appear to be passed to this host-side proxy, even after 10+ days. On the Individual Pro plan, the user-level allowlist propagates correctly.

# Confirmed socat tunnel:
socat TCP-LISTEN:3128,fork,reuseaddr UNIX-CONNECT:/sessions/.../claude-http-*.sock

Impact

This blocks a real workflow: MCP connectors return presigned file URLs in tool responses. The model cannot fetch these via curl in the sandbox because the allowlist is not honored. The same workflow works correctly on Pro plan.

Related Issues

  • #38984 — Additional allowed domains allowlist non-functional
  • #59851 — Cowork domain allowlist UI not honored by sandbox proxy
  • #30112 — Network egress allowlist not working, 403 blocked-by-allowlist
  • #37970 — sandbox.network.allowedDomains ignored

New Data Point

None of the related issues document the Pro vs Team plan discrepancy. This suggests the bug may be specific to how org-level admin settings are forwarded to the sandbox proxy, distinct from user-level settings on Pro.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗