Hello everyone,
If you’re not encountering any CORS errors while previewing Canva Apps you can stop reading now.
The latest release of Google Chrome has blocked localhost network access as per their announcement here. And since Canva development apps run on localhost:8080, embedded within the Canva Editor, you may start seeing CORS errors after updating your browser.
We’ll be rolling out explicit local-network-access checks early next week, after which your browser should prompt you to allow local network access to canva.com.
In the meantime, you have a couple of workarounds.
## Workaround 1:
As this temporarily only impacts the Google Chrome browser, you may continue development using another browser, such as Firefox or Safari (see these instructions for previewing on Safari)
## Workaround 2:
Temporarily disable the local network access checks via chrome://flags/#local-network-access-check whenever you’re developing.
> This flag protects users from cross-site request forgery (CSRF) attacks targeting local network devices. Only disable this if you understand the security implications, and re-enable it when you’re done developing.
Update (13/11/2025):
We’ve added the local-network-access permission to the App iframe, which means Chrome will now prompt you to Allow local network access. We’ve updated our previewing guide with instructions.