Limit the X-UA-Compatible HTTP header-based altering of the mime type performed by Chrome Frame to top-level requests only in IE.

BUG=having an iframe that requests a resource that includes the X-UA-Compatible header in the response will trigger CF taking over the page. TEST=BUG doesn't happen anymore. Review URL: http://codereview.chromium.org/465036 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@33849 0039d316-1c4b-4281-b951-d872f2087c98
author: robertshield@chromium.org <robertshield@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2009-12-04 20:42:33 +0000
committer: robertshield@chromium.org <robertshield@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2009-12-04 20:42:33 +0000
commit: 723f2992cd897dc9c31e33994c49bd389bd800e1 (patch)
tree: 96383943a9e4ec925b6140085cff5f848715b4a8 /chrome_frame/http_negotiate.cc
parent: 1ded8cdc42869e312e55e7f14b6017d545b282d2 (diff)
download: chromium_src-723f2992cd897dc9c31e33994c49bd389bd800e1.zip
chromium_src-723f2992cd897dc9c31e33994c49bd389bd800e1.tar.gz
chromium_src-723f2992cd897dc9c31e33994c49bd389bd800e1.tar.bz2
1 files changed, 33 insertions, 30 deletions
diff --git a/chrome_frame/http_negotiate.cc b/chrome_frame/http_negotiate.cc
index 5f89a76..ef996e5 100644
--- a/chrome_frame/http_negotiate.cc
+++ b/chrome_frame/http_negotiate.cc
@@ -234,34 +234,38 @@ HRESULT HttpNegotiatePatch::ReportProgress(
   if (status_code == BINDSTATUS_MIMETYPEAVAILABLE ||
       status_code == BINDSTATUS_VERIFIEDMIMETYPEAVAILABLE ||
       status_code == LOCAL_BINDSTATUS_SERVER_MIMETYPEAVAILABLE) {
-    // Check to see if we need to alter the mime type that gets reported
-    // by inspecting the raw header information:
-    ScopedComPtr<IWinInetHttpInfo> win_inet_http_info;
-    HRESULT hr = win_inet_http_info.QueryFrom(me);
-
-    // Try slightly harder if we couldn't QI directly.
-    if (!win_inet_http_info || FAILED(hr)) {
-      hr = DoQueryService(IID_IWinInetHttpInfo, me,
-                          win_inet_http_info.Receive());
-    }
+    bool is_top_level_request = !IsSubFrameRequest(me);
+
+    if (is_top_level_request) {
+      // Check to see if we need to alter the mime type that gets reported
+      // by inspecting the raw header information:
+      ScopedComPtr<IWinInetHttpInfo> win_inet_http_info;
+      HRESULT hr = win_inet_http_info.QueryFrom(me);
+
+      // Try slightly harder if we couldn't QI directly.
+      if (!win_inet_http_info || FAILED(hr)) {
+        hr = DoQueryService(IID_IWinInetHttpInfo, me,
+                            win_inet_http_info.Receive());
+      }
 
-    // Note that it has been observed that getting an IWinInetHttpInfo will
-    // fail if we are loading a page like about:blank that isn't loaded via
-    // wininet.
-    if (win_inet_http_info) {
-      // We have headers: check to see if the server is requesting CF via
-      // the X-UA-Compatible: chrome=1 HTTP header.
-      std::string headers(GetRawHttpHeaders(win_inet_http_info));
-      if (net::HttpUtil::HasHeader(headers, kUACompatibleHttpHeader)) {
-        net::HttpUtil::HeadersIterator it(headers.begin(), headers.end(),
-                                          "\r\n");
-        while (it.GetNext()) {
-          if (LowerCaseEqualsASCII(it.name_begin(), it.name_end(),
-                                   kUACompatibleHttpHeader)) {
-            std::string ua_value(StringToLowerASCII(it.values()));
-            if (ua_value.find("chrome=1") != std::string::npos) {
-              status_text = kChromeMimeType;
-              break;
+      // Note that it has been observed that getting an IWinInetHttpInfo will
+      // fail if we are loading a page like about:blank that isn't loaded via
+      // wininet.
+      if (win_inet_http_info) {
+        // We have headers: check to see if the server is requesting CF via
+        // the X-UA-Compatible: chrome=1 HTTP header.
+        std::string headers(GetRawHttpHeaders(win_inet_http_info));
+        if (net::HttpUtil::HasHeader(headers, kUACompatibleHttpHeader)) {
+          net::HttpUtil::HeadersIterator it(headers.begin(), headers.end(),
+                                            "\r\n");
+          while (it.GetNext()) {
+            if (LowerCaseEqualsASCII(it.name_begin(), it.name_end(),
+                                     kUACompatibleHttpHeader)) {
+                std::string ua_value(StringToLowerASCII(it.values()));
+                if (ua_value.find("chrome=1") != std::string::npos) {
+                  status_text = kChromeMimeType;
+                  break;
+                }
             }
           }
         }
@@ -269,6 +273,5 @@ HRESULT HttpNegotiatePatch::ReportProgress(
     }
   }
 
-  HRESULT hr = original(me, status_code, status_text);
-  return hr;
-}
-\ No newline at end of file
+  return original(me, status_code, status_text);
+}
author	robertshield@chromium.org <robertshield@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2009-12-04 20:42:33 +0000
committer	robertshield@chromium.org <robertshield@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2009-12-04 20:42:33 +0000
commit	723f2992cd897dc9c31e33994c49bd389bd800e1 (patch)
tree	96383943a9e4ec925b6140085cff5f848715b4a8 /chrome_frame/http_negotiate.cc
parent	1ded8cdc42869e312e55e7f14b6017d545b282d2 (diff)
download	chromium_src-723f2992cd897dc9c31e33994c49bd389bd800e1.zip chromium_src-723f2992cd897dc9c31e33994c49bd389bd800e1.tar.gz chromium_src-723f2992cd897dc9c31e33994c49bd389bd800e1.tar.bz2