Origin of blob: documents doesn't match implementations #2759

@bzbarsky

What is the origin of a document loaded from a blob: URL without sandboxing?

Stepping through the "For Document objects" list at https://html.spec.whatwg.org/multipage/origin.html#origin (sadly no direct way to link it):

  1. No sandboxing, does not apply.
  2. URL is not data:, does not apply.
  3. Scheme is not a network scheme, does not apply.
  4. Not about:blank, does not apply.
  5. Not about:blank, does not apply.
  6. Not javascript:, does not apply.
  7. Not srcdoc, does not apply.
  8. Fall through to DOM behavior, give it a unique origin.

Needless to say, this is not how blob: actually works in browsers, nor how anyone expects it to work. @mikewest @annevk @domenic

What Gecko does in practice is that when you create a Blob URL the association from url to Blob includes an association to the origin of the thing that created the blob, I believe. The load from the blob: URL gets that origin. In particular, if you load a subframe from a blob: URL and then set document.domain (or do it in the opposite order, either way) you are still "same origin-domain" with the blob: thing you loaded. Note that this is not the same thing as javascript: and about:blank origin inheritance, but similar.
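
A small JavaScript model of the mismatch described in this issue, added as an illustration and not taken from the issue, the HTML Standard, or Gecko: `specStep` walks the eight steps as listed above, and `BlobURLStore` models a URL-to-Blob association that also records the creator's origin. All names, the `sandboxed`/`isSrcdoc` flags, the network-scheme set, the counter-based blob ids and the sample origin are assumptions made for the example.

```javascript
// Simplified model for illustration; not browser or spec code.
// Assumption: "network scheme" means ftp or an HTTP(S) scheme.
const NETWORK_SCHEMES = new Set(['http', 'https', 'ftp']);

// Returns the number of the first step in the issue's list that applies.
function specStep(doc) {
  const scheme = new URL(doc.url).protocol.slice(0, -1);
  if (doc.sandboxed) return 1;
  if (scheme === 'data') return 2;
  if (NETWORK_SCHEMES.has(scheme)) return 3;
  if (doc.url === 'about:blank') return 4; // steps 4 and 5 both test about:blank
  if (scheme === 'javascript') return 6;
  if (doc.isSrcdoc) return 7;
  return 8; // fall through: unique origin
}

// Origin per the step list, modelled only for documents that reach step 8.
// A unique origin is a fresh Symbol, so it is equal to nothing but itself.
function specOrigin(doc) {
  if (specStep(doc) !== 8) throw new Error('only step 8 is modelled here');
  return Symbol('unique origin');
}

// Model of the behaviour described for Gecko: the blob URL store keeps the
// creator's origin next to the Blob, and a load from that URL gets that origin.
class BlobURLStore {
  constructor() { this.entries = new Map(); this.next = 0; }
  createObjectURL(blob, creatorOrigin) {
    const url = `blob:${creatorOrigin}/constructed-id-${this.next++}`;
    this.entries.set(url, { blob, origin: creatorOrigin });
    return url;
  }
  originForLoad(url) {
    const entry = this.entries.get(url);
    if (!entry) throw new Error('unknown or revoked blob: URL');
    return entry.origin;
  }
}

// Tuple origins are compared as serialized strings, unique origins by identity.
const sameOrigin = (a, b) => a === b;

function compare(creatorOrigin) {
  const store = new BlobURLStore();
  const url = store.createObjectURL('<p>constructed sample</p>', creatorOrigin);
  const doc = { url, sandboxed: false, isSrcdoc: false };
  return {
    step: specStep(doc),
    specSameOrigin: sameOrigin(specOrigin(doc), creatorOrigin),
    modelSameOrigin: sameOrigin(store.originForLoad(url), creatorOrigin),
  };
}
```

`compare('https://example.org')` reports that the step list ends at step 8 and yields an origin that does not match the creator, while the store-based model yields the creator's origin.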
