Chromium submits Content-Security-Policy violation reports for unsolicited favicon requests
Reported by martin.s...@gmail.com, Mar 11 2018
Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.89 Safari/537.36

Steps to reproduce the problem:
1. Browse to a website with Content-Security-Policy img-src 'none' and a report-uri set. No <link rel="icon" ...> should be present, as this would violate the CSP.

What is the expected behavior?
Chromium is unable to retrieve the favicon. Ideally, with img-src 'none' it shouldn't even try /favicon.ico. No violation occurred.

What went wrong?
Chromium sees no <link rel="icon" ...>, so it tries /favicon.ico. Because this violates the CSP it is blocked, and this is reported to the report-uri.

Did this work before? N/A

Chrome version: 62.0.3202.89  Channel: n/a
OS Version:
Flash Version:

Firefox has similar behaviour. It logs the violation in the console, but does not report it to the website owner.

In its current state, Chromium will report on any site with img-src 'none', as this does not allow for a favicon anyway.
Comment 1 by krajshree@chromium.org, Mar 12 2018