
Facebook X-Frame-Options & IIS 6


I need to open a URL, from an anchor situated on a page created for Facebook at the top-most level. Doing some research, I found that the new X-Frame-Options restrictions are blocking this action and that a possible fix for this is to allow access at the requester level, i.e. my application.

The application is being hosted through IIS 6, so I could easily add the required custom header X-Frame-Options ALLOW-FROM http://www.mywebsite.com/; however, I still get the refusal message when trying to click on a link in my page.

I cannot upgrade to a newer version of IIS as marketing material already went out. Is there another way to fix this, or am I adding the X-Frame-Options at the wrong location?

Also, I have target="_top" in both my anchors.


Solution

  • I need to open a URL, from an anchor situated on a page created for Facebook at the top-most level. Doing some research, I found that the new X-Frame-Options restrictions are blocking this action

    No, it's the other way around - what the X-Frame-Options header does is restrict a document from being displayed in any kind of frame environment.

    and that a possible fix for this is to allow access at the requester level, i.e. my application.

    No. The responder, that is, the web server delivering the resource, has to set that header to control where the document can be displayed or not.
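
The answer's point, that the header is evaluated on the response being put into a frame and not on the page holding the link, shown as an added example (not part of the original answer). It models the RFC 7034 directives; `framingDecision`, its parameters and the `.example` hosts are hypothetical names, and comparing only the immediate parent is a simplification.

```javascript
// Added example: a model of RFC 7034 X-Frame-Options evaluation (not browser code).
const origin = (url) => new URL(url).origin; // scheme + host + port

// response: { url, xfo }  document being loaded and the header it was served with
// context:  { topLevel, parentUrl }  where the browser is about to render it
function framingDecision(response, context, { supportsAllowFrom = true } = {}) {
  // A top-level navigation (a working target="_top") never consults the header.
  if (context.topLevel) return "allow";
  const raw = (response.xfo || "").trim();
  if (raw === "") return "allow"; // no header: framing unrestricted
  const [directive, ...rest] = raw.split(/\s+/);
  switch (directive.toUpperCase()) {
    case "DENY":
      return "block";
    case "SAMEORIGIN": // simplification: compares the immediate parent only
      return origin(response.url) === origin(context.parentUrl) ? "allow" : "block";
    case "ALLOW-FROM": {
      // Browsers without ALLOW-FROM support ignore the whole header.
      if (!supportsAllowFrom) return "allow";
      let allowed;
      try { allowed = origin(rest.join(" ")); } catch { return "block"; } // model's choice: fail closed
      return allowed === origin(context.parentUrl) ? "allow" : "block";
    }
    default:
      return "allow"; // unrecognised directive: header ignored
  }
}

// Constructed scenarios. The header value is the one quoted in the question;
// the .example hosts are placeholders.
const app = { url: "http://www.mywebsite.com/app", xfo: "ALLOW-FROM http://www.mywebsite.com/" };
const linkTarget = { url: "https://target.example/page", xfo: "DENY" };
const inOwnSite = { topLevel: false, parentUrl: "http://www.mywebsite.com/host" };
const inOtherSite = { topLevel: false, parentUrl: "https://framing-site.example/" };
const inAppFrame = { topLevel: false, parentUrl: app.url };

function scenarios() {
  return {
    appFramedByOwnSite: framingDecision(app, inOwnSite),
    appFramedByOtherSite: framingDecision(app, inOtherSite),
    appFramedNoAllowFromSupport: framingDecision(app, inOtherSite, { supportsAllowFrom: false }),
    linkOpenedInsideFrame: framingDecision(linkTarget, inAppFrame), // app's own header is irrelevant
    linkOpenedTopLevel: framingDecision(linkTarget, { topLevel: true }),
  };
}
console.log(scenarios());
```

The `linkOpenedInsideFrame` case is decided entirely by the header on the link target's response, which is why a header added to the linking application does not change the outcome.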