X-frame-options not taking over docker container labels

I am trying to get contents served via traefik displayed as an iframe. Therefore i set the customFrameOptionsValue label for the backend container, so that traefik sends the x-frame-options header.

This is my label setting for the specific upstream docker container:

      traefik.http.routers.homepage.rule: "Host(`www.{{ traefik_domain }}`)"
      traefik.http.routers.homepage.entrypoints: "https"
      traefik.http.routers.homepage.service: "homepage"
      traefik.http.routers.homepage.tls.certresolver: "le-tls"
      traefik.http.services.homepage.loadbalancer.server.port: "80"
      traefik.http.services.homepage.loadbalancer.passHostHeader: 'true'
      traefik.http.middlewares.homepage.headers.customFrameOptionsValue: "allow-from https://www.qrz.com/db/do1ttk https://www.qrz.com"
      traefik.http.middlewares.homepage.headers.contentSecurityPolicy: "frame-ancestors https://www.qrz.com/db/do1ttk https://www.qrz.com"

However, the content is not displayed in the target iframe, and when i look at the headers sent out via the Chrome Dev tools, i see that the x-frame-options header is still set to SAMEORIGIN.

What am i missing here?

You must assign your middleware to your router, see docs with example.

OK, thanks for pointing that out. I added the following label to the list:
traefik.http.routers.homepage.middlewares: homepage@docker

Now, the traefik web frontend shows the header middleware in the router definition:

The iframe is now loading, because of the contentSecurityPolicy option. However, the x-frame-options still shows SAMEORIGIN despite the customFrameOptionsValue is set. Well, i guess, maybe my Chrome is too new, then :wink: