Limit the X-UA-Compatible HTTP header-based altering of the mime type performed by Chrome Frame to top-level requests only in IE.

BUG=having an iframe that requests a resource that includes the X-UA-Compatible header in the response will trigger CF taking over the page.
TEST=BUG doesn't happen anymore.

Review URL: http://codereview.chromium.org/465036

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@33849 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 30 insertions, 0 deletions

diff --git a/chrome_frame/utils.cc b/chrome_frame/utils.cc
index dd7ea8b..460f8d8 100644
--- a/chrome_frame/utils.cc
+++ b/chrome_frame/utils.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <htiframe.h>
+#include <mshtml.h>
 #include <shlobj.h>
 #include <wininet.h>
 
@@ -635,3 +637,31 @@ std::string GetRawHttpHeaders(IWinInetHttpInfo* info) {
 
   return buffer;
 }
+
+bool IsSubFrameRequest(IUnknown* service_provider) {
+  DCHECK(service_provider);
+
+  // We need to be able to get at an IWebBrowser2 if we are to decide whether
+  // this request originates from a non-top-level frame.
+  ScopedComPtr<IWebBrowser2> web_browser;
+  HRESULT hr = DoQueryService(IID_ITargetFrame2, service_provider,
+                              web_browser.Receive());
+
+  bool is_non_top_level_request = false;
+  if (web_browser) {
+    // Now check to see if we are in a sub-frame.
+    ScopedComPtr<IHTMLWindow2> current_frame, parent_frame;
+    hr = DoQueryService(IID_IHTMLWindow2, service_provider,
+                        current_frame.Receive());
+    if (current_frame) {
+      // Only the top level window will return self when get_parent is called.
+      current_frame->get_parent(parent_frame.Receive());
+      if (parent_frame != current_frame) {
+        DLOG(INFO) << "Sub frame detected";
+        is_non_top_level_request = true;
+      }
+    }
+  }
+
+  return is_non_top_level_request;
+}