The above obviously does not work, so the question is: how do I need to change the config so that embedder and opener policy would reflect in the browser?
Running Caddy using `caddy start` and trying to use the curl command you provided, I got a mixed bag of messages.
```
* Could not resolve host: localhost'
* Closing connection 0
curl: (6) Could not resolve host: localhost'
* Trying 127.0.0.1:443...
* Connected to localhost (127.0.0.1) port 443 (#1)
* schannel: disabled automatic use of client certificate
* ALPN: offers http/1.1
* schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.
* Closing connection 1
curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.
```
So I had a look in the browser (Chrome) to see if it is reflecting the right values.
The policies do not seem to reflect in the browser and so the features fail.
Caddy version: 2.5.2
I also tried setting require-corp to “require-corp” and same-origin to “same-origin” but it did not seem to make a difference.
Going forward, could you please put all configuration and logs in code fences, i.e. triple backticks (```) on lines before and after the text, exactly as you have done it in your original post. This makes things much more readable - thanks!
The result from curl is showing some SSL issues. Specifically, revocation issues. Try:
And post the full output in code fences. What we want to confirm is that your Caddy server is setting the headers you expect correctly. A good result will have a full request and response, including the headers.
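
Once curl returns a full response, the header check described above can be automated. The following is an added example, not code from the thread participants or from Caddy: it reads `curl -v` output and reports whether the embedder and opener policy headers are present with values the browser accepts for cross-origin isolation. The function names and both sample captures are constructed for illustration.

```python
import re

# Values a response needs for the page to become cross-origin isolated.
REQUIRED = {
    "cross-origin-opener-policy": {"same-origin"},
    "cross-origin-embedder-policy": {"require-corp", "credentialless"},
}

def response_headers(curl_verbose: str) -> dict:
    """Collect response headers from `curl -v` output (lines prefixed '< ')."""
    headers = {}
    for line in curl_verbose.splitlines():
        m = re.match(r"^< ([A-Za-z0-9-]+):\s*(.*?)\s*$", line)
        if m:  # the status line '< HTTP/1.1 200 OK' does not match
            headers.setdefault(m.group(1).lower(), []).append(m.group(2))
    return headers

def check_isolation(curl_verbose: str) -> dict:
    """Return {header: problem} for each policy header that is missing or wrong."""
    headers = response_headers(curl_verbose)
    problems = {}
    for name, allowed in REQUIRED.items():
        values = headers.get(name, [])
        if not values:
            problems[name] = "missing"
        elif len(values) > 1:
            problems[name] = f"sent {len(values)} times (expected once)"
        else:
            # Ignore parameters such as ';report-to="endpoint"'.
            token = values[0].split(";", 1)[0].strip()
            if token not in allowed:
                problems[name] = f"unexpected value {token!r}"
    return problems

# Constructed sample captures, not output from the poster's server.
SAMPLE_GOOD = """> GET / HTTP/1.1
> Host: localhost
< HTTP/1.1 200 OK
< Cross-Origin-Embedder-Policy: require-corp
< Cross-Origin-Opener-Policy: same-origin
< Server: Caddy
"""
SAMPLE_BAD = """< HTTP/1.1 200 OK
< Cross-Origin-Embedder-Policy: "require-corp"
< Server: Caddy
"""

if __name__ == "__main__":
    print(check_isolation(SAMPLE_GOOD))  # no problems
    print(check_isolation(SAMPLE_BAD))   # quoted COEP value, COOP missing
```

An empty result means both headers arrived with accepted values; the second sample shows a value sent with literal quote characters being flagged alongside a missing opener policy.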