Issue Station
Sign In
Tools hereToolbox

claude-code - 💡(How to fix) Fix [BUG] Claude in Chrome v1.0.69 inconsistently blocks Salesforce Lightning content reads — same domain, same plan, different sessions yield different results [1 comments, 2 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
anthropics/claude-code#53727Fetched 2026-04-28 06:48:39
View on GitHub
Comments
1
Participants
2
Timeline
6
Reactions
0
Author
mitou-dkmitou-dk
Participants
github-actions[bot]github-actions[bot]mitou-dkmitou-dk
Timeline (top)
labeled ×3commented ×1subscribed ×1unsubscribed ×1

Claude in Chrome v1.0.69 server-side classifier produces non-deterministic / per-session false positives when reading content from Salesforce Lightning Experience domains.

Two users on the same extension version, same org, same Team plan, same Salesforce tenant, same client-side "All sites" permission, empty admin blocklist observe different results within the same hour:

  • User A: All MCP actions succeed (navigate, read_page, get_page_text, javascript_tool)
  • User B: tabs_context_mcp succeeds, but read_page, get_page_text, and javascript_tool are denied on daiichi-keiei.lightning.force.com

Since the only variable that differs is the user account / browser session, this is a server-side classifier issue, not a per-domain hardcoded rule.

Error Message

  1. One succeeds. The other is denied with no actionable error path.

Root Cause

  • Salesforce is a general-purpose CRM, not a financial services / banking / trading / crypto platform.
  • The classifier seemingly groups Salesforce under "financial services" because record contents may include monetary fields. Every business CRM contains such fields; that alone should not classify the platform as financial services.
  • Critically, the classifier is non-deterministic: the same domain on the same extension version yields different decisions in different sessions in the same org. This indicates per-session classification drift, not a deliberate policy.

Fix Action

Workaround

None at user or org-admin level for the affected user. Options:

  1. Disable Claude in Chrome and use Salesforce manually
  2. Use Claude Code with the sf CLI / MCP outside the browser
  3. Ask another user in the same org whose session is currently classified as allowed to retrieve the content (this is what we are doing as a workaround — clearly unsustainable)
RAW_BUFFERClick to expand / collapse

Summary

Claude in Chrome v1.0.69 server-side classifier produces non-deterministic / per-session false positives when reading content from Salesforce Lightning Experience domains.

Two users on the same extension version, same org, same Team plan, same Salesforce tenant, same client-side "All sites" permission, empty admin blocklist observe different results within the same hour:

  • User A: All MCP actions succeed (navigate, read_page, get_page_text, javascript_tool)
  • User B: tabs_context_mcp succeeds, but read_page, get_page_text, and javascript_tool are denied on daiichi-keiei.lightning.force.com

Since the only variable that differs is the user account / browser session, this is a server-side classifier issue, not a per-domain hardcoded rule.

Affected domain

  • daiichi-keiei.lightning.force.com (Salesforce Lightning Experience)
  • Almost certainly affects other *.lightning.force.com tenants the same way (any Salesforce instance).

Repro

  1. Two users in the same Team plan, both with Claude in Chrome v1.0.69, both with "Site access = On all sites".
  2. Both navigate the same Salesforce Lightning page (e.g. a Chatter feed / record list).
  3. Both invoke MCP read_page / get_page_text from a Claude Code session.
  4. One succeeds. The other is denied with no actionable error path.

What we observed (User B, blocked session)

  • tabs_context_mcp returned the Salesforce tab info correctly
  • read_page, get_page_text denied
  • javascript_tool denied
  • navigate to chrome://extensions denied (expected; chrome:// is universally blocked)
  • Client-side site access shows "On all sites"
  • Org admin blocklist: empty
  • The user has no override path available

What we observed (User A, working session)

  • All MCP actions succeed on the same Salesforce domain
  • read_page returned the full Lightning Experience accessibility tree

Why this is a false positive

  • Salesforce is a general-purpose CRM, not a financial services / banking / trading / crypto platform.
  • The classifier seemingly groups Salesforce under "financial services" because record contents may include monetary fields. Every business CRM contains such fields; that alone should not classify the platform as financial services.
  • Critically, the classifier is non-deterministic: the same domain on the same extension version yields different decisions in different sessions in the same org. This indicates per-session classification drift, not a deliberate policy.

Environment

  • Claude in Chrome: v1.0.69 (both users, identical)
  • Chrome: latest stable
  • OS: Windows 11 (both users)
  • Plan: Team
  • Org admin blocklist: empty
  • Org admin allowlist: not configured
  • Client-side site access: "On all sites" (both users)

Related issues

  • #46491 — server-side classifier false positive (pd.smileynova.com)
  • #43279 — legitimate dev subdomain blocked
  • #48960 — script.google.com blocked after v1.0.68 update
  • #50157 — claude.ai itself blocked at v1.0.68
  • #41034 — all sites blocked in Cowork mode

The pattern across these reports — and ours — points at the v1.0.68 / v1.0.69 server-side classifier configuration being too aggressive and non-deterministic for legitimate enterprise SaaS domains.

Workaround

None at user or org-admin level for the affected user. Options:

  1. Disable Claude in Chrome and use Salesforce manually
  2. Use Claude Code with the sf CLI / MCP outside the browser
  3. Ask another user in the same org whose session is currently classified as allowed to retrieve the content (this is what we are doing as a workaround — clearly unsustainable)

Request

  1. Treat Salesforce (*.lightning.force.com, *.force.com, *.salesforce.com) as a general enterprise CRM, not as financial services, in the server-side classifier.
  2. Investigate the non-determinism — same extension version, same domain, same org should produce the same classification for all sessions.
  3. Provide an admin-level override path so that Team / Enterprise admins can allowlist verified business domains and have that decision authoritative over the classifier.

extent analysis

TL;DR

The non-deterministic server-side classifier in Claude in Chrome v1.0.69 may be causing false positives for Salesforce Lightning Experience domains, and a potential fix could involve updating the classifier configuration to treat Salesforce as a general enterprise CRM.

Guidance

  • Investigate the server-side classifier configuration to determine why Salesforce is being classified as a financial services platform, and consider updating the configuration to treat it as a general enterprise CRM.
  • Review the related issues (#46491, #43279, #48960, #50157, #41034) to identify any patterns or common causes of the non-deterministic classification.
  • Consider providing an admin-level override path to allowlist verified business domains, such as Salesforce, to ensure consistent classification across all sessions.
  • In the short term, users may need to rely on workarounds such as disabling Claude in Chrome, using the sf CLI / MCP outside the browser, or asking another user in the same org to retrieve the content.

Example

No code snippet is provided as the issue is related to the server-side classifier configuration, which is not explicitly stated in the issue.

Notes

The non-deterministic nature of the classifier makes it challenging to provide a definitive fix, and further investigation is needed to determine the root cause of the issue. The provided workarounds may not be sustainable in the long term.

Recommendation

Apply a workaround, such as disabling Claude in Chrome or using the sf CLI / MCP outside the browser, until the server-side classifier configuration can be updated to treat Salesforce as a general enterprise CRM. This is because the current configuration is causing non-deterministic false positives, and an update to the classifier configuration is necessary to ensure consistent classification across all sessions.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…
#api#ssr#model save/load#optimization#mixed precision

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING

claude-code - 💡(How to fix) Fix [BUG] Claude in Chrome v1.0.69 inconsistently blocks Salesforce Lightning content reads — same domain, same plan, different sessions yield different results [1 comments, 2 participants]