I don't see anything about network permissions, but I am getting some interaction so I don't think it's that.
The logs are funky though. If I remove bucket.coracle.social from my default relays and use a link with only nsec.app in it, Amber puts bucket back in my settings and connects to it. The logs only show an onBeforeSend and a disconnect for nsec.app.
I did find out why I wasn't able to connect, which is that amber sends "ack" back instead of the secret specified in the nostrconnect link (unspecified, but should be added). Supporting ack works, but can lead to session hijacking (evil signers can spam clients and monitor signing requests).
Now that I am logged in, I'm not able to receive any responses. I'm subscribed to 24133s which p-tag my client session pubkey (same one sent in the nostrconnect link). Any tips?