How to Change the Security Level in ComfyUI

ComfyUI is a powerful node-based interface for running Stable Diffusion models locally. Because it's designed to be flexible and hackable, it ships with configurable security settings — particularly around how it handles external connections, custom nodes, and API access. Knowing how to adjust these settings matters whether you're running ComfyUI strictly on your own machine or exposing it across a network.

What "Security Level" Means in ComfyUI

ComfyUI doesn't use a single toggle labeled "security level" the way a consumer firewall might. Instead, its security posture is controlled through a combination of launch arguments, configuration flags, and network exposure settings that together determine what the interface can do and who can reach it.

The most significant security-related controls involve:

• --listen — whether ComfyUI binds to localhost only or to an external network interface
• --port — which port the server runs on
• --disable-auto-launch — whether a browser opens automatically on startup
• --enable-cors-header — whether cross-origin requests are accepted
• --preview-method — controls how image previews are generated, with minor performance and exposure implications
• Custom node permissions — whether untrusted custom nodes can execute arbitrary code

These arguments are passed when launching ComfyUI, typically via the command line or a launch script.

How to Modify Launch Arguments

Most ComfyUI installations are started with a Python command or a shell/batch script. The security-relevant flags are appended to that command.

On Windows, you typically edit run_nvidia_gpu.bat or a similar .bat file in your ComfyUI folder. It will contain a line like:

You modify this to include flags:

On Linux/macOS, the equivalent is usually a .sh script or a direct terminal command: