Gitpulse
Merged
Size
L
Change Breakdown
Security65%
Feature25%
Docs10%
#28304feat: Limit computer use connections to only cloud instances

Computer use connections restricted to n8n cloud

DL
dlavrenuek
·Apr 10, 2026

The n8n computer use daemon now locks down connections by default, accepting requests only from n8n cloud instances instead of any origin. Environment variable overrides are removed entirely.

Previously, the computer use daemon accepted connections from any origin by default, requiring users to manually specify allowed origins or rely on runtime confirmation prompts. This open design created a potential security risk where a malicious website could attempt to trigger filesystem operations.

The daemon now restricts incoming connections to n8n cloud instances by default. Users start the daemon with their instance URL directly—npx @n8n/computer-use https://my-instance.app.n8n.cloud—and the daemon automatically accepts only requests from that origin. The system also added support for wildcard patterns like .

The environment variable N8N_GATEWAY_ALLOWED_ORIGINS was removed entirely, closing a gap where a compromised environment variable could expand the attack surface. The --allow-origin flag was renamed to --allowed-origins and is now CLI-only, with a default allowlist of .

Local development remains possible: developers can override the allowlist with npx @n8n/computer-use http://localhost:5678 --allowed-origins http://localhost:5678. The --filesystem-dir flag was shortened to --dir with a -d shorthand for easier use.

In the @n8n/computer-use package, the CLI entry point was refactored to remove the standalone serve command, replacing it with a daemon mode that activates when no API token is provided. Origin validation logic was added to the daemon, including a wildcard pattern matcher for subdomain support.

View Original GitHub Description

Summary

Improves security for Computer Use.

  • limit the connection to/from Computer Use to only n8n cloud per default https://*.app.n8n.cloud
    • can be overridden by cli flag f.e. --allowed-origins http://localhost:5678
    • removed the ability to override allowed origins via env variable
  • removed serve command
  • n8n instance url must now be specified, for example npx @n8n/computer-use https://test.app.n8n.cloud, if no connection token is provided the daemon is started in serve mode allowing only connections to/from the passed instance url
  • adjusted helm message, readme, spec, system prompt in AI Assistant (Instance AI)
  • changed dir flag to --dir and added -d shorthand for easier use

Related Linear tickets, Github issues, and Community forum posts

https://linear.app/n8n/issue/NODE-4813/only-allow-connection-to-n8n-cloud

Review / Merge checklist

  • I have seen this code, I have run this code, and I take responsibility for this code.
  • PR title and summary are descriptive. (conventions) <!-- **Remember, the title automatically goes into the changelog. Use `(no-changelog)` otherwise.** -->
  • Docs updated or follow-up ticket created.
  • Tests included. <!-- A bug is not considered fixed, unless a test is added to prevent it from happening again. A feature is not complete without tests. -->
  • PR Labeled with Backport to Beta, Backport to Stable, or Backport to v1 (if the PR is an urgent fix that needs to be backported)
© 2026 · via Gitpulse