void FileReaderLoader::startInternal(ExecutionContext& executionContext, const Stream* stream, PassRefPtr<BlobDataHandle> blobData) { // The blob is read by routing through the request handling layer given a temporary public url. m_urlForReading = BlobURL::createPublicURL(executionContext.getSecurityOrigin()); if (m_urlForReading.isEmpty()) { failed(FileError::SECURITY_ERR); return; } if (blobData) { ASSERT(!stream); BlobRegistry::registerPublicBlobURL(executionContext.getSecurityOrigin(), m_urlForReading, blobData); } else { ASSERT(stream); BlobRegistry::registerStreamURL(executionContext.getSecurityOrigin(), m_urlForReading, stream->url()); } // Construct and load the request. ResourceRequest request(m_urlForReading); request.setExternalRequestStateFromRequestorAddressSpace(executionContext.securityContext().addressSpace()); // FIXME: Should this really be 'internal'? Do we know anything about the actual request that generated this fetch? request.setRequestContext(WebURLRequest::RequestContextInternal); request.setHTTPMethod(HTTPNames::GET); if (m_hasRange) request.setHTTPHeaderField(HTTPNames::Range, AtomicString(String::format("bytes=%d-%d", m_rangeStart, m_rangeEnd))); ThreadableLoaderOptions options; options.preflightPolicy = ConsiderPreflight; options.crossOriginRequestPolicy = DenyCrossOriginRequests; // FIXME: Is there a directive to which this load should be subject? options.contentSecurityPolicyEnforcement = DoNotEnforceContentSecurityPolicy; // Use special initiator to hide the request from the inspector. options.initiator = FetchInitiatorTypeNames::internal; ResourceLoaderOptions resourceLoaderOptions; resourceLoaderOptions.allowCredentials = AllowStoredCredentials; if (m_client) { m_loader = ThreadableLoader::create(executionContext, this, options, resourceLoaderOptions); m_loader->start(request); } else { ThreadableLoader::loadResourceSynchronously(executionContext, request, *this, options, resourceLoaderOptions); } }