editDesign
method and pass through a designId
of a design not created by the current user, Canva responds with a 403
error.403
error.Referer
HTTP header. Canva uses the Referer
header to identify if the integration's domain is on the allowlist.Referrer-Policy
header is set to a value that prevents Canva from receiving the Referer
header:Referrer-Policy
header to the strict-origin-when-cross-origin
header. This ensures that the origin is sent with cross-origin requests, which allows Canva to verify if the origin domain is on the allowlist.403
error.