diff --git a/dom/file/nsHostObjectProtocolHandler.cpp b/dom/file/nsHostObjectProtocolHandler.cpp
index 399770ae24d3..1e892dfdb540 100644
--- a/dom/file/nsHostObjectProtocolHandler.cpp
+++ b/dom/file/nsHostObjectProtocolHandler.cpp
@@ -7,6 +7,7 @@
 #include "nsHostObjectProtocolHandler.h"
 #include "DOMMediaStream.h"
+#include "mozilla/dom/ChromeUtils.h"
 #include "mozilla/dom/ContentChild.h"
 #include "mozilla/dom/ContentParent.h"
 #include "mozilla/dom/Exceptions.h"
@@ -823,23 +824,35 @@ nsHostObjectProtocolHandler::NewChannel2(nsIURI* uri,
 return NS_ERROR_DOM_BAD_URI;
 }
-#ifdef DEBUG
- DataInfo* info = GetDataInfoFromURI(uri);
-
- // Info can be null, in case this blob URL has been revoked already.
- if (info) {
- nsCOMPtr uriPrinc = do_QueryInterface(uri);
- nsCOMPtr principal;
- uriPrinc->GetPrincipal(getter_AddRefs(principal));
- MOZ_ASSERT(info->mPrincipal == principal, "Wrong principal!");
+ nsCOMPtr uriPrinc = do_QueryInterface(uri);
+ if (!uriPrinc) {
+ return NS_ERROR_DOM_BAD_URI;
 }
+
+ nsCOMPtr principal;
+ nsresult rv = uriPrinc->GetPrincipal(getter_AddRefs(principal));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+#ifdef DEBUG
+ // Info can be null, in case this blob URL has been revoked already.
+ DataInfo* info = GetDataInfoFromURI(uri);
+ MOZ_ASSERT_IF(info, info->mPrincipal == principal);
 #endif
- ErrorResult rv;
+ // We want to be sure that we stop the creation of the channel if the blob URL
+ // is copy-and-pasted on a different context (ex. private browsing or
+ // containers).
+ if (aLoadInfo &&
+ !ChromeUtils::IsOriginAttributesEqualIgnoringFPD(aLoadInfo->GetOriginAttributes(),
+ BasePrincipal::Cast(principal)->OriginAttributesRef())) {
+ return NS_ERROR_DOM_BAD_URI;
+ }
+
+ ErrorResult error;
 nsCOMPtr stream;
- blobImpl->CreateInputStream(getter_AddRefs(stream), rv);
- if (NS_WARN_IF(rv.Failed())) {
- return rv.StealNSResult();
+ blobImpl->CreateInputStream(getter_AddRefs(stream), error);
+ if (NS_WARN_IF(error.Failed())) {
+ return error.StealNSResult();
 }
 nsAutoString contentType;
@@ -852,8 +865,8 @@ nsHostObjectProtocolHandler::NewChannel2(nsIURI* uri,
 NS_ConvertUTF16toUTF8(contentType),
 EmptyCString(), // aContentCharset
 aLoadInfo);
- if (NS_WARN_IF(rv.Failed())) {
- return rv.StealNSResult();
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
 }
 if (blobImpl->IsFile()) {
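Review bot: `BasePrincipal::Cast(principal)->OriginAttributesRef()` in the new origin-attributes check (hunk at -823) dereferences `principal` without a null test; the hunk only checks the nsresult returned by `GetPrincipal`. If that getter can return success with a null out-parameter (its implementation is not visible here), a blob URI without a principal would crash in release builds instead of being rejected, so I would add `if (!principal) { return NS_ERROR_DOM_BAD_URI; }` right after `NS_ENSURE_SUCCESS(rv, rv);`. The comparison is also skipped entirely when `aLoadInfo` is null, which makes the context isolation fail-open for any caller that creates the channel without load info. A comment above the `if` such as `// NOTE: without aLoadInfo the context comparison is skipped; confirm which callers pass null.` would record that decision. NewChannel2's body starts and ends outside the hunk.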
@@ -862,9 +875,9 @@ nsHostObjectProtocolHandler::NewChannel2(nsIURI* uri,
 channel->SetContentDispositionFilename(filename);
 }
- uint64_t size = blobImpl->GetSize(rv);
- if (NS_WARN_IF(rv.Failed())) {
- return rv.StealNSResult();
+ uint64_t size = blobImpl->GetSize(error);
+ if (NS_WARN_IF(error.Failed())) {
+ return error.StealNSResult();
 }
 channel->SetOriginalURI(uri);