[Bug][aup] CSP violation console output in browser caused false AUP block during frontend debugging session (req_011CbvM7S4p2pVKg7s3fFDH1)

Open 💬 2 comments Opened Jun 25, 2026 by sworrl

Type: AUP / Usage-Policy block (false positive) · Work domain (heuristic): general

Why this is a false positive

The session involved standard frontend debugging — identifying a TypeError in a JavaScript bundle and implementing a server-side user-preference feature (scroll position persistence via a prefs API). The only security-adjacent content was a passively observed browser console warning about a third-party analytics script being blocked by an existing Content Security Policy directive, which was incidental output from the user's environment and was not being acted upon. No security testing, exploitation, or policy-violating content was present; the block appears to have been triggered by the CSP-related log text appearing verbatim in the conversation context.

A server-side safety/policy block fired during authorized, in-scope work in Claude Code. Filing as a false positive. Recurred across 1 session(s); first seen 2026-06-10T22:13:05.526Z.

Request IDs (lookup-able server-side)

  • req_011CbvM7S4p2pVKg7s3fFDH1 (2026-06-10T22:13:05.526Z)

In-scope justification

False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.

Block message

API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup). Please double press esc to edit your last message or start a new session for Claude Code to assist with a different task.

Request ID: req_011CbvM7S4p2pVKg7s3fFDH1

Environment: Claude Code, Linux. · Work domain: general

---
<sub>🔎 Filed automatically by ClAudit v2.0.25 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗